Employee Performance Evaluation System v1.0 — Persistent Cross-Site Scripting (XSS) — ‘Departments and Designations Module’.

--

Employee Performance Evaluation System v1.0 was found to contain a persistent (stored) cross-site scripting (XSS) vulnerability: the Department/Designation name and Description fields are not sanitized or output-encoded when new entries are added under the Departments and Designations module, so a payload saved there executes every time the stored entry is rendered.

Vendor of Product :
https://www.sourcecodester.com

Steps to Reproduce :

Step 1: Log in with admin credentials and click the ‘Designations’ or ‘Departments’ button.

Step 2: Click the ‘Add New’ button.

Step 3: Enter the following payload in the Department field (Departments tab) or the Designation field (Designations tab), and also in the Description field.

Payload : <svg/onload=prompt(/ISAGHOJARIA/)>

Step 4: Click ‘Save’.

Step 5: The stored payload executes when the saved entry is rendered, and a prompt dialog showing /ISAGHOJARIA/ appears. Because the payload is stored server-side, it fires for every user who views the module, not only the user who submitted it.
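The root cause described above is user input being written into the page without output encoding. The following is an added illustration, not code from the Employee Performance Evaluation System (whose source is not shown here): a hypothetical row template rendered once with raw interpolation and once with HTML escaping, plus a small check that reports any tag the template did not emit itself. The entries, function names and the `tr`/`td` allow-list are assumptions for the demonstration.

```python
import html
import re

# Constructed sample entries (not taken from the real application):
# one benign department and one carrying the payload from the write-up.
PAYLOAD = "<svg/onload=prompt(/ISAGHOJARIA/)>"
ENTRIES = [
    {"name": "Engineering", "description": "Builds the product"},
    {"name": PAYLOAD, "description": PAYLOAD},
]

# Matches the name of every opening or closing tag in an HTML fragment.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def render_row_vulnerable(entry):
    """Hypothetical vulnerable template: raw string interpolation.

    Whatever the user typed lands in the markup verbatim, so a value such as
    <svg/onload=...> becomes a live element with an event handler.
    """
    return f"<tr><td>{entry['name']}</td><td>{entry['description']}</td></tr>"


def render_row_fixed(entry):
    """Hardened template: HTML-encode every user-controlled value at output time.

    html.escape turns < > & " ' into entity references, so the browser shows
    the payload as text instead of parsing it as a tag.  The PHP equivalent is
    htmlspecialchars($value, ENT_QUOTES, 'UTF-8').
    """
    name = html.escape(entry["name"], quote=True)
    desc = html.escape(entry["description"], quote=True)
    return f"<tr><td>{name}</td><td>{desc}</td></tr>"


def injected_tags(fragment, allowed=("tr", "td")):
    """Return tag names present in the fragment that the template did not emit.

    An empty list means no user-supplied markup survived into the output.
    """
    found = TAG_RE.findall(fragment)
    return [t for t in found if t.lower() not in allowed]


def render_table(entries, renderer):
    """Render a whole table with the given row renderer."""
    rows = "".join(renderer(e) for e in entries)
    return f"<table>{rows}</table>"


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_row_vulnerable),
                            ("fixed", render_row_fixed)):
        out = render_table(ENTRIES, renderer)
        leaked = injected_tags(out, allowed=("table", "tr", "td"))
        print(f"{label:10s} injected tags: {leaked}")
        print(out)
```

The check is deliberately narrow: it only flags markup that the template did not write, which is exactly what a stored XSS needs. The fix is the same regardless of framework: encode at the point of output, for every field, rather than trying to strip dangerous strings on input.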
