ZeroWdd Studentmanager Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in ZeroWdd Studentmanager version 1.0. The issue arises in the 'submitAddRole' function within the 'RoleController' file, where the input parameter 'name' is not properly sanitized. This lack of input validation allows for the injection of malicious scripts, which can be executed in the context of the user's browser. The vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into the application with administrative credentials. Navigate to the role management section and initiate the process to add a new role. In the 'name' input field, insert a payload consisting of an image tag with an 'onerror' event handler. Once the payload is submitted, the injected script will execute, demonstrating the cross-site scripting vulnerability.