List of vulnerable paths
Vulnerable path: /app/process_update_profile.php

Lines 32-37 of the "process_update_profile.php" file have no filtering, which causes cross-site scripting (XSS).
In fact, the filter was forgotten. Another file has a filter; its path is /app/process_registration.php
The data is safe when a user registers, but it is unsafe after an update.

Vulnerability exploitation process:
1. Register a new account.
2. Log in as the user and click "update profile".
3. Input the PoC and submit.
4. The administrator will trigger it.

POC code:
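
The following is a mitigation sketch added to this report. It is not the PoC and not the project's own code. It shows the fix the report implies: one input filter shared by the registration and update handlers, plus HTML encoding where the administrator views the data. The field names, length limits and the helpers `filter_profile_input()` and `e()` are assumptions, since the report does not show lines 32-37.

```php
<?php
declare(strict_types=1);

// Hypothetical profile fields and maximum lengths; the real fields are on
// lines 32-37 of process_update_profile.php and are not shown in the report.
const PROFILE_FIELDS = ['full_name' => 100, 'phone' => 20, 'address' => 200];

/**
 * Single input filter meant to be called from BOTH process_registration.php
 * and process_update_profile.php, so the two handlers cannot drift apart.
 * It rejects missing, empty or oversized values and strips control
 * characters. It does not attempt to "clean" HTML; that is e()'s job.
 */
function filter_profile_input(array $post): array
{
    $clean = [];
    foreach (PROFILE_FIELDS as $field => $maxLen) {
        $value = $post[$field] ?? null;
        if (!is_string($value)) {
            throw new InvalidArgumentException("Missing field: $field");
        }
        // preg_replace() returns null on invalid UTF-8; treat that as empty.
        $value = trim(preg_replace('/[\x00-\x1F\x7F]/u', '', $value) ?? '');
        if ($value === '' || mb_strlen($value) > $maxLen) {
            throw new InvalidArgumentException("Invalid field: $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

/** Encode at output time so stored markup is displayed as text, not run. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission with markup in one field.
$submitted = ['full_name' => '<b>Alice</b>', 'phone' => '555-0100', 'address' => '1 Main St'];

// Registration and profile update both go through the same function.
$registered = filter_profile_input($submitted);
$updated    = filter_profile_input($submitted);

// Administrator view: every stored value passes through e() before it
// reaches the page, whichever handler wrote it.
foreach ($updated as $field => $value) {
    echo '<td>' . e($value) . "</td>\n";
}
```

Output encoding in the administrator view is the control that holds even if another write path is later added without the filter.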