Life Insurance Management System 1.0 Cross Site Scripting

2021.01.09

Credit: Arnav Tripathy

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS
# Date: 4/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
# Version: 1.0
# Tested on: linux / Lamp
Click on add payment once logged in. Put <script>alert(1)</script> and so on in all parameters. You will notice popup once you navigate to payments.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Life Insurance Management System 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.