Vendor: Courier Management System
By: Zhaiyi (Zeo)
CVSS: 8.8 (HIGH)
Vulnerability Type: Stored XSS
CWE: 79
Product Name: Courier Management System
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:courier_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Web Application
2020

Courier Management System 1.0 – ‘First Name’ Stored XSS

Courier Management System 1.0 is vulnerable to stored XSS. An attacker can exploit it by logging in to the CMS with any valid user credentials, clicking the logged-in username in the header, selecting Manage Account, changing the user's First Name or Last Name to '<script>alert(1111)</script>' and updating the profile, which triggers the XSS. After logging out and logging in again, the page displays the domain name.

Mitigation:

Input validation should be done to prevent malicious scripts from being executed.
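
The mitigation above, shown in PHP (the application's language) as an added example that is not the application's own code: allow-list validation of the name field on input, combined with HTML encoding at output so that a value already stored is rendered as text rather than markup. The function names `validate_name` and `e` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; helper names are hypothetical, not from the application's source.

/**
 * Validate a person-name field on input.
 * Returns the trimmed value, or null when it is empty, longer than
 * 50 characters, not valid UTF-8, or contains characters off the allow-list.
 */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // Letters, combining marks, spaces, dots, apostrophes and hyphens only.
    // With /u, preg_match returns false on invalid UTF-8, which is also rejected.
    if (!preg_match('/^[\p{L}\p{M} .\'\-]{1,50}$/u', $name)) {
        return null;
    }
    return $name;
}

/** Encode a value for an HTML text or quoted-attribute context at output time. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: an ordinary name and the payload from the report.
$samples = ["Anne-Marie O'Neil", '<script>alert(1111)</script>'];

foreach ($samples as $input) {
    $clean = validate_name($input);
    if ($clean === null) {
        // Rejected at the boundary; encode even when echoing it back in an error.
        echo 'rejected: ', e($input), PHP_EOL;
        continue;
    }
    // Store $clean, then encode it on every page that renders it.
    echo '<span class="username">', e($clean), '</span>', PHP_EOL;
}
```

Validation alone does not neutralise names stored before the check existed, which is why the header and profile templates encode with `e()` on every render.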

Exploit-DB raw data:

# Exploit Title: Courier Management System 1.0 - 'First Name' Stored XSS
# Exploit Author: Zhaiyi (Zeo)
# Date: 2020-12-11
# Google Dork: N/A
# Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14615&title=Task+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application

Step 1: Log in to the CMS with any valid user credentials.
Step 2: Click on the logged in username on header and select Manage Account.
Step 3: Rename the user First Name or Last Name to "<script>alert(1111)</script>".
Step 4: Update Profile and this will trigger the XSS.
Step 5: Logout and login again and the page will display the domain name.