提交 #599888: code-projects School Fees Payment System 1.0 Cross Site Scripting信息

标题code-projects School Fees Payment System 1.0 Cross Site Scripting
描述During the security review of "School Fees Payment System", I discovered a Stored Cross-Site Scripting vulnerability in the "/fees.php" file. This vulnerability stems from insufficient user input validation of the 'transcation_remark' parameter, allowing attackers to inject malicious front-end code. Therefore, attackers can forge input values, thereby manipulating front-end code and performing the set behaviors in the user's browser, such as stealing the user's cookies. Immediate remedial measures are needed to ensure system security and protect data integrity.
来源⚠️ https://github.com/tuooo/CVE/issues/17
用户
 DS_Leo (UID 86084)
提交2025-06-18 19時25分 (1 年前)
管理2025-06-21 07時27分 (3 days later)
状态已接受
VulDB条目313581 [code-projects School Fees Payment System 1.0 /fees.php transcation_remark 跨网站脚本]
积分20

Might our Artificial Intelligence support you?

Check our Alexa App!