Employee Performance Evaluation System 1.0 Cross Site Scripting

2020-12-08T00:00:00
ID PACKETSTORM:160403
Type packetstorm
Reporter Ritesh Gohil
Modified 2020-12-08T00:00:00

Description

                                        
                                            `# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting  
# Date: 08/12/2020  
# Exploit Author: Ritesh Gohil  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html  
# Version: 1.0  
# Tested on: Windows 10/Kali Linux  
  
Steps to Reproduce:  
1) Login with Admin Credentials and click on 'Task' button.  
2) Click on Add New Task Button.  
3) Now add the following payload input field of Task and Description  
  
Payload: ritesh"><img src=x onerror=alert(document.domain)>  
  
4) Click On Save  
5) XSS payload is triggered.  
`