Code-Projects Job Recruitment Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Job Recruitment version 1.0. The issue resides in the file '/_parse/_feedback_system.php', where the 'type' parameter is echoed without proper sanitization, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely, and has been publicly disclosed along with a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a GET request to '/_parse/_feedback_system.php' with the 'type' parameter containing a script tag, such as '<script>alert(1);</script>'. Include a valid session cookie to mimic an authenticated user.