
Client Details System V1.0 welcome.php Stored Cross-Site Scripting (XSS) #7

@hellonewbie

Description


NAME OF AFFECTED PRODUCT(S)

  • Client Details System

Vendor Homepage

AFFECTED AND/OR FIXED VERSION(S)

SUBMITTER

  • LiuJiying

VERSION(S)

  • V1.0

Software Link

PROBLEM TYPE

Vulnerability Type

  • Stored Cross-Site Scripting (XSS)

Root Cause

The root cause is that user‑controlled data (including profile fields and uploaded filenames) is stored and later rendered in views like welcome.php using raw echo in both HTML text and attribute contexts, without context‑aware output encoding (e.g., htmlspecialchars(..., ENT_QUOTES, 'UTF-8') ), input validation, or filename normalization. This allows attacker‑supplied markup/JavaScript to persist and execute when the page is viewed, producing stored XSS; the absence of defensive headers (e.g., CSP) further increases
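To make the root cause concrete, the following is an added example written for this report; it is not code from the Client Details System. The row layout, the field names (first_name, file), the uploads/ path and the helper names h() and normalizeFilename() are assumptions. It renders one client row twice: once with raw echo in a text and an attribute context, as the vulnerable page does, and once with the stored filename normalised and every value HTML-encoded for the context it lands in, with a CSP sent as defence in depth.

```php
<?php
// Added example, not the Client Details System's own code.
// Assumed: a row array with keys first_name and file, links served from uploads/.
declare(strict_types=1);

/** Encoder for HTML text and double-quoted attribute values (not for URLs or JS). */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Normalise an uploaded filename before it is stored: drop any directory part,
 * allow only a conservative character set, refuse dot-leading names, cap length.
 * The stored name is still encoded at output time; this only keeps path and
 * control characters out of the database and the filesystem.
 */
function normalizeFilename(string $name): string
{
    $base = basename(str_replace('\\', '/', $name));
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', $base) ?? '';
    $safe = ltrim($safe, '.');
    if ($safe === '') {
        $safe = 'upload';
    }
    return substr($safe, 0, 100);
}

/** The vulnerable pattern: raw echo in both a text node and an href attribute. */
function renderRowVulnerable(array $row): string
{
    return '<tr><td>' . $row['first_name'] . '</td>'
         . '<td><a href="uploads/' . $row['file'] . '">' . $row['file'] . '</a></td></tr>';
}

/** The same row with context-aware encoding: h() for text/attribute, rawurlencode() for the path segment. */
function renderRowSafe(array $row): string
{
    return '<tr><td>' . h($row['first_name']) . '</td>'
         . '<td><a href="uploads/' . rawurlencode($row['file']) . '">' . h($row['file']) . '</a></td></tr>';
}

// Constructed sample input: the report's payload in a profile field and an
// attribute-breakout payload in an uploaded filename.
$rawFirstName = '<script>alert(1)</script>';
$rawFile      = '../"><img src=x onerror=alert(1)>.png';

$vulnerableRow = ['first_name' => $rawFirstName, 'file' => $rawFile];
$hardenedRow   = ['first_name' => $rawFirstName, 'file' => normalizeFilename($rawFile)];

// A restrictive CSP limits what a missed encoding can do; it does not replace encoding.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
}

echo "Vulnerable rendering:\n" . renderRowVulnerable($vulnerableRow) . "\n\n";
echo "Hardened rendering:\n" . renderRowSafe($hardenedRow) . "\n";
```

Run it with `php example.php`: the first block emits a live script tag and an href that closes the attribute and injects an img tag with an onerror handler; the second block emits the same data as inert text, because `<`, `>` and `"` are encoded in the text and attribute positions and the filename has already been reduced to a plain token before storage.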

Impact

Arbitrary JavaScript executes in the administrator’s browser when viewing the “Client Details” page. An attacker can hijack session cookies, perform actions as the admin, exfiltrate data, inject fake UI, trigger CSRF from the admin’s context, and potentially chain further attacks (defacement, lateral movement).

DESCRIPTION

The “Client Details” listing page displays persisted user-supplied data without encoding. If an attacker saves a payload such as <script>alert(1)</script> in any displayed field (e.g., First Name, U-Name, Email, or an uploaded filename), the payload is executed when the page is loaded. The screenshot shows a JavaScript alert firing on welcome.php , evidencing successful stored XSS.

Vulnerability details and POC

Vulnerability type:

Stored Cross-Site Scripting (XSS)

Payload:

<script>alert(1)</script>

Attack results

[Screenshot: JavaScript alert(1) dialog firing on welcome.php]
