Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
Jul 3rd 2021
Stored xss in pageTransferOwnership.php where sourceMemberID parameter leads to xss which gets stored in pageViewRecords.php
🕵️♂️ Proof of Concept
Steps to reproduce: 1. Go to admin account 2. Visit URL <localhost>/app/admin/pageTransferOwnership.php?sourceGroupID=2&sourceMemberID="><script>alert(1)</script>
This vulnerability is capable of Stored XSS.