Security
Headlines
HeadlinesLatestCVEs

Headline

Loan Management System 1.0 Cross Site Scripting

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#sql#xss#vulnerability#apache#php#auth
# Exploit Title: Loan Management System - Stored XSS on several parameters# Date: 28/07/2022# Exploit Author: saitamang# Vendor Homepage: sourcecodester# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip# Version: 1.0# Tested on: Centos 7 apache2 + MySQLThere are several functions and parameter affected as below:addUser.php- firstname- lastnamesave_ltype.php- ltype_name- ltype_descsave_borrower.php- firstname- middlename- lastname- addressThe payload use to inject is "/><svg/onload=alert(document.cookie)>

Packet Storm: Latest News

WordPress Really Simple Security Authentication Bypass