| 标题 | CodeAstro Food Ordering System in PHP CodeIgniter 18/2021 Cross Site Scripting |
|---|
| 描述 | A critical Stored Cross-Site Scripting (XSS) vulnerability was discovered in the stores section of Food Ordering System in PHP CodeIgniter.
Attackers can inject malicious JavaScript via the patname field (POST parameter), which gets persistently stored in the database and executed whenever the profile page is viewed. |
|---|
| 来源 | ⚠️ https://github.com/Vanshdhawan188/Food-Ordering-System-in-PHP-CodeIgniter-/blob/main/Stored%20Cross-Site%20Scripting%20(XSS).md |
|---|
| 用户 | Subhash Paudel (UID 66830) |
|---|
| 提交 | 2025-06-08 17時24分 (1 年前) |
|---|
| 管理 | 2025-06-15 12時42分 (7 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 312600 [CodeAstro Food Ordering System 1.0 POST Request Parameter /admin/store/edit/ Restaurant Name/Address 跨网站脚本] |
|---|
| 积分 | 18 |
|---|