Title:Sourcecodester Vehicle Service Management System 跨站脚本漏洞 (CVE-2021-46068) Description:Sourcecodester Vehicle Service Management System是开源的一个PHP 项目。用于汽车维修/服务店或企业的简单 Web 应用程序。 Sourcecodester Vehicle Service Management System 1.0版本存在跨站脚本漏洞,该漏洞源于该漏洞源于软件的登录面板的我的账户部分缺少有效的过滤和转义,导致存储型跨站点脚本漏洞。
Description
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
File Snapshot
id: CVE-2021-46068
info:
name: Vehicle Service Management System - Stored Cross-Site Scripting
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.