| 标题 | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Stored XSS |
|---|
| 描述 | ## MPLOYEE_MANAGEMENT_SYSTEM file `370project/edit.php` contains a Stored XSS vulnerability
Impact of the vulnerability
An attacker can inject malicious JavaScript into an employee record by submitting a crafted value in the update form. When an administrator later opens the affected employee’s edit page, the payload is rendered in an HTML attribute context and can execute, potentially leading to:
- Session hijacking (stealing cookies/tokens)
- Account takeover (performing actions as the admin)
- Phishing/UI redress (injecting fake forms or modifying page content)
### Payload:
"><sCrIpT>alert(555)</sCrIpT>
### Sources download:
https://code-projects.org/employee-management-system-in-php-with-source-code/ |
|---|
| 来源 | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul4.md |
|---|
| 用户 | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| 提交 | 2026-04-09 08時49分 (19 日前) |
|---|
| 管理 | 2026-04-26 18時01分 (17 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 359670 [code-projects Employee Management System 1.0 370project/edit.php 标识符 跨网站脚本] |
|---|
| 积分 | 0 |
|---|