vendor:
Online Project Time Management System
by:
Felipe Alcantara (Filiplain)
8.8
CVSS
HIGH
Stored XSS
79
CWE
Product Name: Online Project Time Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:online_project_time_management_system:1.0
Platforms Tested: Kali Linux
2022
Online Project Time Management System 1.0 – Multiple Stored XSS (Authenticated)
Online Project Time Management System 1.0 is vulnerable to multiple stored XSS attacks when an authenticated user adds XSS payload to any field of the user's name. An attacker can exploit this vulnerability by logging in as an employee, going to http://localhost/ptms/?page=user, adding XSS payload to any field of the user's name and clicking Update.
Mitigation:
Input validation should be used to prevent XSS attacks. Sanitize user input and encode output to prevent XSS attacks.