Vendor: Laundry Booking Management System
By: Azumah Foresight Xorlali
CVSS: 8.8 (HIGH)
Type: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Laundry Booking Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Kali Linux
2021

Laundry Booking Management System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

A stored cross-site scripting (XSS) vulnerability exists in Laundry Booking Management System 1.0. An attacker can inject malicious JavaScript code into the application by entering it into the address box or pasting it into the firstname and lastname fields. When a user visits the affected page, the malicious code will be executed in the user's browser.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application. Additionally, the application should be configured to use a Content Security Policy (CSP) to prevent malicious code from being executed.
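The reproduction steps on this page show that the name fields only block special characters while typing, so the validation has to be repeated on the server. The PHP sketch below is an added example, not code from the application or the advisory: the helper names and allowlist patterns are assumptions, and the output-encoding helper is an addition beyond the two mitigations named above.

```php
<?php
declare(strict_types=1);
// Added example: helper names are hypothetical; only the field names
// (firstname, lastname, address) and the test string come from the advisory.

/** Server-side allowlist for name fields: letters, spaces, apostrophes, hyphens. */
function valid_name(string $v): bool
{
    return preg_match('/^\p{L}[\p{L} \'\-]{0,49}\z/u', $v) === 1;
}

/** Addresses need digits and some punctuation, but never angle brackets or quotes. */
function valid_address(string $v): bool
{
    return preg_match('/^[\p{L}\p{N} .,#\/\-]{1,200}\z/u', $v) === 1;
}

/** Encode at output time so a stored value is rendered as text, not markup. */
function e(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** CSP without 'unsafe-inline': an injected inline <script> block is not executed. */
function send_csp(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
}

send_csp(); // must run before any output is sent

// Constructed submission, as the server would receive it in $_POST.
$post = [
    'firstname' => '<script>alert(document.domain)</script>',
    'lastname'  => "O'Neil",
    'address'   => '12 Main St.',
];

$rejected = [];
foreach (['firstname', 'lastname'] as $field) {
    if (!valid_name($post[$field])) {
        $rejected[] = $field;
    }
}
if (!valid_address($post['address'])) {
    $rejected[] = 'address';
}
echo 'Rejected: ', implode(', ', $rejected), PHP_EOL;
echo 'Encoded:  ', e($post['firstname']), PHP_EOL;
```

Run with the constructed input, the script rejects only `firstname`, and the encoded form of that value displays as literal text instead of being parsed as a script element.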

Exploit-DB raw data:

# Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 2021-08-19
# Exploit Author: Azumah Foresight Xorlali
# Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14400&title=Laundry+Booking+Management+System+in+PHP+with+Free+Source+Code
# Version: Version 1.0
# Category: Web Application
# Tested on: Kali Linux

Step1: Log in to the application with any valid user credentials.
Step2: Select User Management and click add new user.
Step3: Fill in the required details and type "<script>alert(document.domain)</script>" in the address box, or type it in a notepad and paste it into the firstname and lastname fields, since they don't allow you to type special characters.
Step4: Click on Submit.