# Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
# Google Dork: N/A
# Date: 2020/10/19
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/loan-management-system-using-php.zip
# Version: 1.0
# Tested on: XAMPP
# CVE : N/A

Vulnerable Pages:

http://localhost/loan/index.php?page=loans
http://localhost/loan/index.php?page=payments
http://localhost/loan/index.php?page=borrowers
http://localhost/loan/index.php?page=loan_type

Proof of Concept:

1 - Go to the vulnerable pages and use the edit button (on the right, in the Action column).
2 - Fill in the blanks with the "" payload.
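
Mitigation sketch (an added example, not code from the application or from the exploit author): stored values have to be encoded at output time, both in the listing table and in the edit form that is prefilled with the saved value. The function names, column names and sample record below are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical rendering helpers for a listing page such as
// index.php?page=borrowers. Column names are assumptions.

// Vulnerable pattern: stored values are concatenated into HTML unencoded,
// so markup saved through the edit form is interpreted by the browser.
function render_row_unsafe(array $row): string
{
    return "<tr><td>{$row['name']}</td><td>{$row['address']}</td></tr>";
}

// Encode a stored value for HTML output. ENT_QUOTES covers both quote
// characters, which matters inside attribute values.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened listing row: every stored field is encoded in element context.
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['name']) . '</td><td>' . e($row['address']) . '</td></tr>';
}

// Hardened edit form field: the stored value is encoded in attribute
// context and the attribute is always quoted.
function render_edit_input_safe(string $field, array $row): string
{
    return '<input type="text" name="' . e($field) . '" value="' . e($row[$field] ?? '') . '">';
}

// Constructed record, as it might sit in the database after an edit.
$row = [
    'name'    => '<i>Jane</i> "Doe"',
    'address' => "12 O'Neil St & Co",
];

echo "unsafe row : ", render_row_unsafe($row), PHP_EOL;
echo "safe row   : ", render_row_safe($row), PHP_EOL;
echo "safe input : ", render_edit_input_safe('name', $row), PHP_EOL;
```

Run with `php` on the command line to compare the three outputs; only the first one leaves the stored markup intact.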