vendor: Employee Management System
by: Ankita Pal
CVSS: 8.8 (HIGH)
Vulnerability: Stored Cross Site Scripting
CWE: 79
Product Name: Employee Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:employee_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 + xampp v3.2.4
2020

Employee Management System 1.0 – Stored Cross Site Scripting

An attacker can exploit this vulnerability by sending a malicious request with a payload in the First Name and Last Name fields. The payload <img src=x onerror=alert(document.cookie)> is stored in the database and executes when a user visits the page.

Mitigation:

Input validation should be performed on the server side to prevent malicious code from being stored in the database.
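
One way to apply this on the server, as an added example that is not the application's own code: it assumes a PHP back end (the page states only XAMPP) and hypothetical field names first_name and last_name. It validates names against an allow-list before storage and, going one step beyond the mitigation above, HTML-encodes them on output so a payload that is already stored renders as text.

```php
<?php
declare(strict_types=1);

// Added example: function and field names are hypothetical, not taken from the application.

/**
 * Allow-list check for a personal name: Unicode letters and combining marks,
 * plus space, apostrophe, period and hyphen, 1 to 50 characters in total.
 * Returns the trimmed name, or null when the value must be rejected.
 */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    // With /u, preg_match() returns false on invalid UTF-8, which is also rejected.
    if (preg_match('/\A[\p{L}\p{M}][\p{L}\p{M} \'.\-]{0,49}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** HTML-encode a value for element content or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions; the second carries the payload quoted above.
$submitted = [
    ['first_name' => 'Asha', 'last_name' => "O'Neil-Smith"],
    ['first_name' => '<img src=x onerror=alert(document.cookie)>', 'last_name' => 'Pal'],
];

foreach ($submitted as $row) {
    $first = validate_name($row['first_name']);
    $last  = validate_name($row['last_name']);

    if ($first === null || $last === null) {
        // Reject before anything reaches the database; encode even the error echo.
        echo 'rejected: ', h($row['first_name']), ' ', h($row['last_name']), PHP_EOL;
        continue;
    }

    // Validated values would be stored here; every page that later renders
    // them must still pass them through h().
    echo 'accepted: ', h($first), ' ', h($last), PHP_EOL;
}
```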