Budget Management System 1.0 Cross Site Scripting

2021.03.29

Credit: Jitendra Kumar Tripathi

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
# Exploit Author: Jitendra Kumar Tripathi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
# Version: 1
# Tested on Windows 10 + Xampp 8.0.3
XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website
Vulnerable Parameters: Customer Details
*Steps to reproduce:*
Add Budget Title
Payload : <script>alert(1)</script>
Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Budget Management System 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.