| Title | Project Worlds Student Project Allocation System 1.0 reflected Cross-Site Scripting (XSS) at admin_login.php |
|---|
| Description | ## Vulnerability Details
The Admin Login module in the Project Allocation System developed by the Project Allocation System is found to have a security vulnerability that exposes it to reflected Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized access, data theft, or other security breaches.
XSS Vulnerability
- **Location:** `admin/admin_login.php`
- **Vulnerable Parameter:** `msg`
`https://localhost/Project-Allocation-System/admin/admin_login.php?msg=test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E`
There's a full report attached at the advisory |
|---|
| Source | ⚠️ https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4 |
|---|
| User | torada (UID 61170) |
|---|
| Submitted | 2024-01-15 16:49 (2 years ago) |
|---|
| Moderation | 2024-01-19 11:21 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 251549 [Project Worlds Student Project Allocation System 1.0 Admin Login admin_login.php msg cross-site scripting] |
|---|
| Points | 17 |
|---|