| Field | Value |
|---|---|
| Title | sourcecodester Barangay Population Monitoring System 1.0 Stored XSS |
| Description | The Barangay Population Monitoring System by SOURCECODESTER is vulnerable to stored cross-site scripting (XSS) through its /endpoint/update-resident.php component. The application neither validates nor encodes the full_name field: an attacker who submits a crafted value in the full_name parameter has the payload stored and later rendered into pages viewed by other users, where the browser executes it as arbitrary JavaScript in the context of that user's session. The proof of concept uses the payload <img src=x onerror=alert('NoChizPlZ')>, which runs its onerror handler as soon as the bogus image fails to load; a real attacker would substitute code for session hijacking, redirection to phishing sites, or unauthorized access to sensitive information. The proof of concept provided shows how such a payload is submitted and underlines the need for input validation on the way in and contextual output encoding on the way out to prevent XSS. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Barangay%20Population%20Monitoring%20System/Stored%20XSS%20update-resident.php%20.md |
| User | nochizplz (UID 64302) |
| Submitted | 2024-02-28 13:50 (2 years ago) |
| Moderated | 2024-03-01 08:04 (2 days later) |
| Status | Accepted |
| VulDB Entry | 255380 [SourceCodester Barangay Population Monitoring System up to 1.0 update-resident.php full_name cross site scripting] |
| Points | 20 |
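The entry names the sink (update-resident.php, the full_name field) but shows no code. The PHP below is an added example, not the project's code and not the submitter's proof of concept: it uses hypothetical `render_resident_*` and `validate_full_name` functions to contrast the unencoded echo pattern behind a stored XSS with the two fixes the description calls for, output encoding and input validation, using the advisory's own payload as constructed sample input.

```php
<?php
// Added example, not code from the Barangay Population Monitoring System.
// The functions are hypothetical stand-ins for a handler that stores
// full_name and a listing page that prints it back into an HTML table cell.

// Constructed sample input: the payload quoted in the advisory.
$payload = "<img src=x onerror=alert('NoChizPlZ')>";

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so a browser parses the <img> tag and runs its onerror handler.
function render_resident_vulnerable(string $fullName): string
{
    return '<td>' . $fullName . '</td>';
}

// Hardened pattern: encode at the point of output for the HTML element
// context. ENT_QUOTES also covers the attribute context, so the same helper
// is safe for value="..." as well as element bodies; the explicit charset
// keeps htmlspecialchars() from guessing.
function render_resident_safe(string $fullName): string
{
    return '<td>' . htmlspecialchars($fullName, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Defense in depth on input: a resident's name has no legitimate reason to
// contain angle brackets, so refuse them before the value reaches the
// database. Apostrophes (O'Brien) are still allowed; the output encoding
// above is what neutralises them, not this check.
function validate_full_name(string $fullName): bool
{
    $fullName = trim($fullName);
    if ($fullName === '' || mb_strlen($fullName, 'UTF-8') > 100) {
        return false;
    }
    return preg_match('/[<>]/', $fullName) !== 1;
}

// Demonstration on the constructed payload and on a benign name.
foreach ([$payload, 'Juan Dela Cruz', "Conor O'Brien"] as $name) {
    echo 'input     : ', $name, PHP_EOL;
    echo 'vulnerable: ', render_resident_vulnerable($name), PHP_EOL;
    echo 'encoded   : ', render_resident_safe($name), PHP_EOL;
    echo 'accepted  : ', validate_full_name($name) ? 'yes' : 'no', PHP_EOL, PHP_EOL;
}
```

Run with `php example.php`. The vulnerable renderer emits the payload as live markup, the encoded renderer turns `<`, `>` and `'` into entities so the browser shows the string as text, and the validator rejects the payload while still accepting names with apostrophes. Output encoding is the fix that closes the bug; the input check only narrows what can be stored and must not be relied on alone, since the same value may later be rendered in a JavaScript or URL context where HTML encoding is the wrong escaping.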