Vulnerability CVE-2022-41358


Published: 2022-10-20

Description:
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Garage Management System 1.0 - 'categoriesName' - Stored XSS
Sam Wallace
15.10.2022

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/thecasual/CVE-2022-41358
https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
http://packetstormsecurity.com/files/168718/Garage-Management-System-1.0-Cross-Site-Scripting.html

Copyright 2024, cxsecurity.com

 

Back to Top