SQLI/stored XSS vulnerabilities

Brought to you by: bluenotemkvi

#18 SQLI/stored XSS vulnerabilities

Milestone: v1.04

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2024-05-07

Created: 2022-12-04

Creator: ac

Private: No

To the developers,

In the progress of our security research project, we found SQLI/stored XSS vulnerabilities in version 1.0.4 of the application. SQLI Related files: groupadmin.php, officeadmin.php. stored XSS related files: display.php, leftmain.php, timeedit.php

Please contact us at ca224test@gmail.com, so we can provide reproducing steps of the vulnerabilities.
Thank you.

Discussion

ac - 2024-05-07

we further found request race vulnerabilities in version 1.0.4 of the application. Please contact us at ca224test@gmail.com, so we can provide reproducing steps of the vulnerabilities.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SQLI/stored XSS vulnerabilities

Group

Searches

Help

#18 SQLI/stored XSS vulnerabilities

Discussion