Vendor: Life Insurance Management System
By: Arnav Tripathy
CVSS: 8.8 (HIGH)
Type: Stored XSS
CWE: 79
Product Name: Life Insurance Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux/LAMP
2021

Life Insurance Management System 1.0 – Multiple Stored XSS

A logged-in attacker can inject malicious JavaScript into the 'add payment' parameters; the stored script is executed when a user navigates to the payments page.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the parameters.
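
As an added example (not code from the application or from the original report), the PHP below validates the 'add payment' fields before they are stored and HTML-encodes every stored value when the payments page renders it, since free-text fields cannot be constrained by validation alone. The field names and the sample row are assumptions; the page does not list the application's actual parameters.

```php
<?php
declare(strict_types=1);

// Hypothetical field names: the application's real parameters are not listed on this page.

/** Validate 'add payment' input before it is stored. Returns the names of rejected fields. */
function validate_payment(array $in): array
{
    $errors = [];
    // Typed fields: accept only the expected shape and reject everything else.
    if (filter_var($in['client_id'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]) === false) {
        $errors[] = 'client_id';
    }
    if (!preg_match('/\A\d{1,9}(\.\d{1,2})?\z/', (string)($in['amount'] ?? ''))) {
        $errors[] = 'amount';
    }
    if (!preg_match('/\A\d{4}-(0[1-9]|1[0-2])\z/', (string)($in['month'] ?? ''))) {
        $errors[] = 'month';
    }
    // Free text has no strict pattern, so only its length is bounded here;
    // it is made safe by encoding at render time.
    if (strlen((string)($in['remarks'] ?? '')) > 200) {
        $errors[] = 'remarks';
    }
    return $errors;
}

/** Encode a stored value for an HTML element or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one stored payment as a table row with every field encoded. */
function render_payment_row(array $row): string
{
    $cells = array_map(fn($v) => '<td>' . e((string)$v) . '</td>', $row);
    return '<tr>' . implode('', $cells) . '</tr>';
}

// Constructed sample input reusing the test string from the report on this page.
$input = ['client_id' => '7', 'amount' => '<script>alert(1)</script>',
          'month' => '2021-01', 'remarks' => '<script>alert(1)</script>'];

print_r(validate_payment($input));      // names of the fields that failed validation
echo render_payment_row($input), "\n";  // the row as the payments page would emit it
```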

Exploit-DB raw data:

# Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS
# Date: 4/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
# Version: 1.0
# Tested on: linux / Lamp

Click on add payment once logged in. Put <script>alert(1)</script> and so on in all parameters. You will notice a popup once you navigate to payments.