Life Insurance Management System 1.0 - Multiple Stored XSS

EDB-ID:

49395

CVE:

N/A




Platform:

PHP

Date:

2021-01-08


# Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS
# Date: 4/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
# Version: 1.0
# Tested on: linux / Lamp

Click on add payment once logged in. Put <script>alert(1)</script> and so on in all parameters. You will notice popup once you navigate to payments.