needyamin Library Card System Registration Page signup.php cross site scripting

2025.02.24
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

Title of the Vulnerability: Library-Card-System | Stored Cross Site Scripting In signup.php | Finder & Exploit Owner: Maloy Roy Orko Vulnerability Class: Stored Cross Site Scripting Product Name: Library-Card-System Vendor: Needyamin Type: Library-Card-System Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/ Vendor Link: https://github.com/needyamin/ Affected Components: /signup.php In Short: Stored Cross Site Scripting Vulnerability Found By Maloy Roy Orko At /signup.php In Library-Card-System 1.0(Vendor: Needyamin).The Sign Up Fields In (/signup.php) Don't Validate Or Sanitize The User Inputs Even No Defense Against XSS.So,The Fields Can Be Used To Execute Malicious JavaScript Commands. Suggested Description: Stored Cross Site Scripting in "/signup.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "To Execute Malicious JavaScript Commands Because User Can Register With XSS Payloads & JavaScript Codes" via "/admindashboard.php & card.php". Attack Vectors: To exploit vulnerability,he has to register with xss payloads in signup fields like name,book in /signup.php.Thus, Attacker can execute malicious JavaScript codes in /admindashboard.php & /card.php! Detailed Blog: https://www.websecurityinsights.my.id/2025/01/library-card-system-stored-cross-site.html?m=1

References:

https://www.websecurityinsights.my.id/2025/01/library-card-system-stored-cross-site.html?m=1


Vote for this issue:
0%
100%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top