Vehicle Service Management System – ‘Category List’ Stored Cross Site Scripting (XSS)
Exploit Title: Vehicle Service Management System – ‘Category List’ Stored Cross Site Scripting (XSS)
Exploit Author: P.L.Sanu
CVSS: 4.8 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List section in the login panel.
1. Log in to the admin panel at http://localhost/vehicle_service/admin
2. Navigate to the Category List section and click the Create New button.
3. Inject the below payload in the Category Name input field.
4. Click the Save button.
It is recommended to sanitize all the input fields throughout the application.
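
One way to apply this recommendation to the Category Name field, as an added example that is not the application's own code: validate the name against an allow-list when it is saved, and HTML-encode every stored value when the Category List is rendered. The function names, the allowed character set, the 64-character limit and the sample rows are assumptions made for illustration.

```javascript
// Added illustration: names, limits and sample data are assumptions,
// not code from Vehicle Service Management System.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text or quoted-attribute context at render time.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical allow-list policy applied when a category is saved:
// letters, digits, spaces and a few punctuation marks, 1 to 64 characters.
const CATEGORY_NAME_RE = /^[\p{L}\p{N} .,&()\/-]{1,64}$/u;

function validateCategoryName(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  const name = raw.normalize('NFC').trim();
  if (!CATEGORY_NAME_RE.test(name)) {
    return { ok: false, reason: 'disallowed characters or length' };
  }
  return { ok: true, name };
}

// Render the Category List rows. Every stored value is encoded on output,
// so rows saved before validation existed are still displayed as plain text.
function renderCategoryRows(categories) {
  return categories
    .map((c) => `<tr><td>${escapeHtml(c.id)}</td><td>${escapeHtml(c.name)}</td></tr>`)
    .join('\n');
}

// Constructed sample data: the second row holds markup stored earlier.
const stored = [
  { id: 1, name: 'Oil & Filters' },
  { id: 2, name: '<i class="x">Brakes</i>' },
];

console.log(validateCategoryName(stored[1].name)); // rejected on save
console.log(renderCategoryRows(stored));           // markup shown as text
```

Validation alone does not protect rows that are already stored, which is why the encoding step sits in the rendering path.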