# Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
# Date: 2021-10-03
# Exploit Author: Jordan Glover
# Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12684&title=Young+Entrepreneur+E-Negosyo+System+in+PHP+Free+Source+Code
# Version: v1.0
# Tested on: Windows 10 + XAMPP v3.3.0
Young Entrepreneur E-Negosyo System 1.0 suffers from a Cross Site Scripting (XSS) vulnerability.
Step 1 - Create a new product to sell - http://localhost/bsenordering/admin/products/index.php?view=add
Step 2 - Fill out all required fields to create a new product. Input a payload in the product description field - <script>alert(document.cookie)</script>
Step 3 - Save the product.
The stored XSS triggers for all users that navigate to the home page.