# Exploit Title: Stored XSS in Curfew e-Pass Management # Date: 2/1/2021 # Exploit Author: Arnav Tripathy # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ # Version: 1.0 # Tested on: Windows 10/Wamp 1)Log into the application 2)Click on pass then click add a pass 3) Put in the Full name parameter , rest all fill whatever you want. 4)Now go to manage passes, view the pass you just created. 5)You'll get popup of alert 6)It is persistent , so it's a stored xss.