Employee performance evaluation system 1.0 task and description persistent cross site scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-12-08 | Type : webapps | Platform : php
This exploit / vulnerability Employee performance evaluation system 1.0 task and description persistent cross site scripting is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting
# Date: 08/12/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Steps to Reproduce:
1) Login with Admin Credentials and click on 'Task' button.
2) Click on Add New Task Button.
3) Now add the following payload input field of Task and Description

Payload: ritesh"><img src=x onerror=alert(document.domain)>

4) Click On Save
5) XSS payload is triggered.

Employee performance evaluation system 1.0 task and description persistent cross site scripting


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Employee performance evaluation system 1.0 task and description persistent cross site scripting Vulnerability / Exploit