CVE-2022-34611: CVE-report/OFRS.md at main · As4ki/CVE-report
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the “Contac #” text field.
Online Fire Reporting System v1.0 has an XSS injection vulnerability
Login account: admin/admin123
Vendor: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
Vulnerability file: /ofrs/report.php
Vulnerability location: /index.php/?p=report
[+]Payload:
When the report sent by the user is mixed with malicious code, as follows
At this point, when the administrator checks the daily report, the XSS attack is triggered.
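
One way to close the stored XSS described above, as an added example (not code from OFRS or from the advisory author): validate the contact field when the report is submitted, and HTML-encode every stored field when the administrator's report list is rendered. The function names, array keys and sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: none of these names come from the OFRS source code.

/**
 * Input side: accept only characters a phone number can contain.
 * Returns the trimmed value, or null if the field should be rejected.
 */
function validate_contact(string $raw): ?string
{
    $value = trim($raw);
    // Digits, spaces and + - ( ) only, 7 to 20 characters long.
    return preg_match('/^[0-9+() -]{7,20}$/', $value) === 1 ? $value : null;
}

/**
 * Output side: encode for an HTML text or quoted-attribute context.
 * Applied to every stored field when the report list is rendered.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one report row for the administrator view. */
function render_report_row(array $report): string
{
    return '<tr><td>' . h($report['name']) . '</td><td>'
         . h($report['contact']) . '</td><td>'
         . h($report['message']) . '</td></tr>';
}

// Constructed sample submissions (not taken from the advisory).
$submissions = [
    ['name' => 'Jane Doe', 'contact' => '+63 912 345 6789', 'message' => 'Smoke on 3rd floor'],
    ['name' => 'Test', 'contact' => '<b>0912</b>', 'message' => 'Markup in contact field'],
];

foreach ($submissions as $s) {
    $ok = validate_contact($s['contact']) !== null;
    echo ($ok ? 'accepted: ' : 'rejected: '), $s['contact'], PHP_EOL;
    // Even a row stored before validation existed renders as inert text.
    echo '  ', render_report_row($s), PHP_EOL;
}
```

Output encoding is the control that matters for rows already in the database; the input check only keeps new markup from being stored.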