Blood Donor Management System 1.0 Cross Site Scripting

2023.08.16
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Blood Donor Management System - Stored XSS # Application: Blood Donor Management System # Version: v1.0 # Bugs: Stored XSS # Technology: PHP # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ # Date: 15.08.2023 # Author: Ehlullah Albayrak # Tested on: Windows #POC ======================================== 1. Login to user account 2. Go to Profile 3. Change "State" input and add "<script>alert("xss")</script>" payload. 4. Go to http://localhost/blood/welcome page and search "O", XSS will be triggered. #Payload: <script>alert("xss")</script>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top