# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS # Exploit Author: Jitendra Kumar Tripathi # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html # Version: 1 # Tested on Windows 10 + Xampp 8.0.3 XSS IMPACT: 1: Steal the cookie 2: User redirection to a malicious website Vulnerable Parameters: Customer Details *Steps to reproduce:* Add Budget Title Payload : <script>alert(1)</script> Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
