提交 #855978: code-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntax信息

标题code-projects Online Job Portal System 1.0 Improper Neutralization of Alternate XSS Syntax
描述During a security review of "Online Job Portal System", stored Cross-Site Scripting (XSS) vulnerabilities were discovered across /News.php, /Admin/DetailJob.php, and /Admin/EditUser.php. All dynamic database output is rendered directly into HTML without htmlspecialchars() encoding. Since the system also suffers from SQL injection vulnerabilities, an attacker can inject malicious JavaScript directly into database fields via UNION-based SQL injection. When an administrator or job seeker views the affected pages, the malicious JavaScript executes in their browser context, stealing session cookies or performing actions on their behalf. Additionally, plaintext passwords are exposed in HTML form values on /Admin/EditUser.php.
来源⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/7
用户
 dazhi (UID 87857)
提交2026-06-11 12時59分 (1 月前)
管理2026-07-13 23時19分 (1 month later)
状态已接受
VulDB条目378168 [code-projects Online Job Portal 1.0 /Admin/DetailJob.php 跨网站脚本]
积分20

Might our Artificial Intelligence support you?

Check our Alexa App!