Employee Performance Evaluation System version 1.0 suffers from a persistent cross site scripting vulnerability.
4d1ffa5f892dd086e290f6c9a4de9b1797f3c7cb61722d70f9519527a3acfe60# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting
# Date: 08/12/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
# Version: 1.0
# Tested on: Windows 10/Kali Linux
Steps to Reproduce:
1) Login with Admin Credentials and click on 'Task' button.
2) Click on Add New Task Button.
3) Now add the following payload input field of Task and Description
Payload: ritesh"><img src=x onerror=alert(document.domain)>
4) Click On Save
5) XSS payload is triggered.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed