Akhlak2511/CVE-2024-50969

CVE-2024-50969

Description

A reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.

Vulnerability Type

Cross Site Scripting (XSS)

Vendor of Product

Code-projects

Affected Product Code Base:

https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/ - 1.0

Affected Component:

browse.php

Attack Vectors:

  1. Set up the application locally
  2. Navigate to the following URL in your web browser: http://localhost/jonnysLiquor-master/
  3. In the search input field of the application, enter the following payload: "><script>alert(1)</script>
  4. After submitting the input, the script executes in the browser, confirming the reflected XSS vulnerability.
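
The fix for this class of bug is output encoding at the point where the search term is written back into the page. The following is an added example, not code from the project: the source of browse.php is not shown on this page, so the function names and the assumption that the term is echoed into an HTML attribute (which the `">` prefix of the payload suggests) are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical model of the flaw: the raw parameter is concatenated into
// markup, so a double quote in the input ends the value="" attribute early.
function render_search_form_vulnerable(string $search): string
{
    return '<input type="text" name="search" value="' . $search . '">';
}

// Hardened form: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_search_form_hardened(string $search): string
{
    $encoded = htmlspecialchars(
        $search,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<input type="text" name="search" value="' . $encoded . '">';
}

// Read the parameter defensively: an array (search[]=x) is rejected and
// the length is capped. This limits input; it does not replace encoding.
function read_search_param(array $query): string
{
    $value = $query['search'] ?? '';
    if (!is_string($value)) {
        return '';
    }
    return substr(trim($value), 0, 100);
}

// Constructed sample input: the string from the reproduction steps above.
$query = ['search' => '"><script>alert(1)</script>'];
$term  = read_search_param($query);

// The first line contains a live <script> element; in the second the same
// characters appear only as entities inside the attribute value.
echo render_search_form_vulnerable($term), PHP_EOL;
echo render_search_form_hardened($term), PHP_EOL;
```

The same `htmlspecialchars` call applies wherever else the term is reflected, for example in a "results for ..." heading.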

Reference:

  1. https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/
  2. https://owasp.org/www-community/attacks/xss/
  3. https://portswigger.net/web-security/cross-site-scripting/reflected
