@senzee1984
Created September 2, 2022 20:01
Public Reference for CVE-2022-36637

Product: Garage Management System

Vendor: https://www.sourcecodester.com/users/mayurik

Affected Version(s): 1.0

CVE ID: CVE-2022-36637

Description: Garage Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the "brand_name" parameter at /brand.php.

Vulnerability Type: Cross-Site Scripting

Root Cause: User input supplied in the "brand_name" parameter of /brand.php is not sanitized.

Impact: An attacker can hijack authenticated users' sessions and act on their behalf.

PoC: 1: After authentication, an attacker can set the value of the "brand_name" parameter to <script>alert(document.cookie)</script> via a POST request.
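
One way to close the root cause above, shown as an added example rather than code from Garage Management System: validate brand_name on input and HTML-encode it wherever it is rendered. The brands table, the helper names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not code from Garage Management System. The table name,
// column name and helper functions below are hypothetical.
declare(strict_types=1);

// Allow-list validation at input: letters, digits, spaces and a few separators.
function validate_brand_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || strlen($name) > 64) {   // length limit in bytes
        return null;
    }
    return preg_match('/^[\p{L}\p{N} .&\'-]+\z/u', $name) === 1 ? $name : null;
}

// Encoding at output: safe for HTML element content and quoted attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE brands (id INTEGER PRIMARY KEY, brand_name TEXT NOT NULL)');

// Simulate a row stored before validation existed (the payload from the PoC).
$legacy = '<script>alert(document.cookie)</script>';
$db->prepare('INSERT INTO brands (brand_name) VALUES (?)')->execute([$legacy]);

// New submissions: the payload is rejected, an ordinary name is stored.
foreach ([$legacy, 'Toyota'] as $submitted) {
    $clean = validate_brand_name($submitted);
    if ($clean === null) {
        echo 'rejected: ' . h($submitted) . PHP_EOL;
        continue;
    }
    $db->prepare('INSERT INTO brands (brand_name) VALUES (?)')->execute([$clean]);
}

// Rendering: every stored value is encoded, so the legacy row is inert text.
foreach ($db->query('SELECT brand_name FROM brands') as $row) {
    echo '<td>' . h($row['brand_name']) . '</td>' . PHP_EOL;
}
```

Output encoding is the control that neutralizes rows already stored; input validation only limits what gets stored from now on. Marking the session cookie HttpOnly additionally keeps it out of reach of document.cookie.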
