提交 #800121: code-projects Home Service System In PHP 1.0 Cross Site Scripting
| 标题 | code-projects Home Service System In PHP 1.0 Cross Site Scripting |
|---|---|
| 描述 | A stored cross-site scripting (XSS) vulnerability exists in the booking.php component of code-projects Home Service System In PHP 1.0. The fname and lname parameters are not properly sanitized before being stored and later rendered in the admin panel. This allows a remote unauthenticated attacker to inject malicious JavaScript which executes in the administrator's browser context. Successful exploitation leads to session cookie theft and complete administrative account takeover. Proof of concept and exploitation details have been publicly disclosed. |
| 来源 | ⚠️ https:/ |
| 用户 | imad alvi (UID 97088) |
| 提交 | 2026-04-08 19時16分 (2 月前) |
| 管理 | 2026-04-26 10時22分 (18 days later) |
| 状态 | 已接受 |
| VulDB条目 | 359664 [code-projects Home Service System 1.0 Appointment Booking /booking.php fname/lname 跨网站脚本] |
| 积分 | 20 |