Library Management System 3.0 "Add Category" Stored XSS

2020.12.23

Credit: Kislay Kumar

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Library Management System 3.0 - "Add Category" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage: https://otsglobal.org/
# Software Link: https://codecanyon.net/item/library-management-system-22/16965307
# Affected Version: 3.0
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Kali Linux
Step 1. Login as Admin.
Step 2. Select "Book" from menu and select "Categories" from sub menu and
after that click on "Add Category".
Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"
Step 4. Now Click on "Save" , Go to "Category" and See last , there you
will get alert box.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Library Management System 3.0 "Add Category" Stored XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.