## 关键漏洞信息 - **标题**: SourceCodester Student Study Center Desk Management System 1.0 Cross Site Scripting in "username" parameter - **描述**: - 相关代码文件: `/sections/classes/Users.php?f=save` - XSS 参数: `username` - 在 POST 请求中,`username` 参数存在跨站脚本(XSS)漏洞。 - Payload 示例: ```html print(); ``` - **报告链接**: https://reports.kunull.vercel.app/CVE%20research/student-study-center-desk-management-system-xss-username - **来源**: https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-cop-and-mysql-db-free-source-code - **提交者**: 匿名用户 - **提交时间**: 2024-07-15 03:57 PM (11个月前) - **审核时间**: 2024-07-16 09:41 PM (1天后) - **状态**: 待定 - **VulDB 条目**: [SourceCodester Student Study Center Desk Management System 1.0 HTTP POST Request Users.php?f=save]