Advertisement






Budget Management System 1.0 Cross Site Scripting

CVE Category Price Severity
CVE-2021-4037 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-03-29
CVSS EPSS EPSSP
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021030193

Below is a copy:

Budget Management System 1.0 Cross Site Scripting
# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
# Exploit Author: Jitendra Kumar Tripathi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
# Version: 1
# Tested on Windows 10 + Xampp 8.0.3

XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: Customer Details

*Steps to reproduce:*
 Add Budget Title
 Payload : <script>alert(1)</script>
 Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.
            

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.