CVE-2023-31705 PoC — Task Reminder System 跨站脚本漏洞

Source

Associated Vulnerability

Description

Reflected XSS

Readme

# CVE-2023-31705

  [description]
  A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester
  Task Reminder System 1.0 allows an authenticated user to inject
  malicious javascript into the page parameter.
 
  ------------------------------------------
 
  [Vulnerability Type]
  Cross Site Scripting (XSS)
 
  ------------------------------------------
 
  [Vendor of Product]
  Sourcecodster
 
  ------------------------------------------
 
  [Affected Product Code Base]
  Task Reminder System - 1.0
 
  ------------------------------------------
 
  [Affected Component]
  http://localhost/php-trs/admin/ [page parameter]
 
  ------------------------------------------
 
  [Attack Type]
  Remote
 
  ------------------------------------------
 
  [Attack Vectors]
  To exploit, an attacker must authenticate to the application. After which the following URL may be input into the browser to show proof of concept: http://localhost/php-trs/admin/?page=reminders%2Fmanage_reminder28988'%3Balert(1)%2F%2F689&id=10
 
  ------------------------------------------
 
  [Reference]
  s://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download
 
  ------------------------------------------
 
  [Discoverer]
  William David Mathisen (d34dun1c02n)

File Snapshot

 [4.0K]  /data/pocs/56512583f0a66c188bc6c1d65710eec87ed7bd48
└── [1.3K]  README.md

0 directories, 1 file

Remarks