提交 #399338: SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax信息

标题SourceCodester Contact Manager with Export to VCF 1.0 Improper Neutralization of Alternate XSS Syntax
描述A Stored XSS vulnerability found in Contact Manager with Export to VCF from SourceCodester where **contact_name** parameter (Contact Name) display field storing data in index.html line 105 ``` <thead> <tr> <th scope="col">Contact ID</th> 105 <th scope="col">Name</th> <th scope="col">Phone Number</th> <th scope="col">Email</th> <th scope="col">Action</th> </tr> </thead> ``` is not properly sanitized for prevention of XSS and vulnerable to stored XSS vulnerability Step to reporduce: 1. Product URL:https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html Download and setup this project 2. navigate to URL 3. Use this payload "><img src=x onerror=alert("document.cookie")> in the **Contact Name** field 4. Submit and Observe the XSS (advisory link add after CVE assignment)
用户
 guru (UID 74056)
提交2024-08-28 18時04分 (2 年前)
管理2024-08-30 07時43分 (2 days later)
状态已接受
VulDB条目276212 [SourceCodester Contact Manager with Export to VCF 1.0 index.html contact_name 跨网站脚本]
积分17

Might our Artificial Intelligence support you?

Check our Alexa App!