Sunnygkp10 Online Exam System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in the sunnygkp10 Online Exam System in the master version. This issue allows remote attackers to inject malicious scripts that can be executed in the context of the user's browser. The vulnerability is triggered through the 'w' parameter in the URL, where the injected script can be used to steal sensitive information, such as cookies.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.

Reproduction

To reproduce this vulnerability, navigate to the 'index.php' page of the Online Exam System. Append the 'w' parameter to the URL with a value that includes a script injection, such as a JavaScript alert. The injected script will execute, demonstrating the cross-site scripting vulnerability.