Vendor: Online Job Portal
By: Akıner Kısa
CVSS: 8.8 HIGH
Cross Site Scripting (Stored)
CWE: 79
Product Name: Online Job Portal
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:online_job_portal:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: XAMPP
2020

Online Job Portal 1.0 Cross Site Scripting (Stored)

A Cross Site Scripting (Stored) vulnerability exists in Online Job Portal 1.0 which allows an attacker to inject malicious JavaScript code into the application. An attacker can exploit this vulnerability by crafting a malicious payload and submitting it to the application. The payload will be stored in the application and will be executed when the page is loaded.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the application. Additionally, the application should be configured to use a secure Content Security Policy (CSP) to prevent malicious code from being executed.
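
One way to apply the mitigation above in PHP, as an added example that is not the application's code or the advisory author's. The field names and allow-list patterns are hypothetical because the advisory does not list the form fields, and output encoding with htmlspecialchars is added alongside the input validation and CSP the advisory names.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list rules; the advisory does not list the real form fields.
const JOB_FIELD_RULES = [
    'title'    => '/^[\p{L}\p{N} .,()\/&+#-]{1,100}$/Du',
    'location' => '/^[\p{L}\p{N} .,-]{1,80}$/Du',
    'salary'   => '/^\d{1,9}(\.\d{1,2})?$/D',
];

/** Check each field against its allow-list pattern; returns [clean values, rejected field names]. */
function validate_job(array $input): array
{
    $clean = [];
    $rejected = [];
    foreach (JOB_FIELD_RULES as $name => $pattern) {
        $raw = $input[$name] ?? '';
        $value = is_string($raw) ? trim($raw) : '';   // non-string input (title[]=x) fails the pattern
        if (preg_match($pattern, $value) === 1) {
            $clean[$name] = $value;
        } else {
            $rejected[] = $name;                      // also covers invalid UTF-8 (preg_match returns false)
        }
    }
    return [$clean, $rejected];
}

/** Encode a stored value for HTML text or a quoted attribute, so markup in it is shown, not parsed. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Policy that allows only same-origin script files, so an injected inline <script> does not run. */
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'";
}

header(csp_header());   // must be sent before any output

// Constructed sample submission: the title carries the payload from the proof of concept.
$submitted = ['title' => '"><script>alert (1)</script>', 'location' => 'Ankara', 'salary' => '4500'];
[$clean, $rejected] = validate_job($submitted);

echo 'rejected fields: ', implode(', ', $rejected), PHP_EOL;
echo 'title as rendered: ', e($submitted['title']), PHP_EOL;
```

Any inline scripts the application already uses would have to move to files served from the same origin before this policy could be enforced.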

Exploit-DB raw data:

# Exploit Title: Online Job Portal 1.0 Cross Site Scripting (Stored)
# Google Dork: N/A
# Date: 2020/10/17
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
# Version: 1.0
# Tested on: XAMPP 
# CVE : N/A

Proof of Concept:

1 - Open URL http://localhost/jobportal/Employer/ManageJob.php

2 - Fill in the blanks with this payload: "><script>alert (1)</script>

3 - And click the submit button.