SourceCodester Time Tracker Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in SourceCodester Time Tracker version 1.0. The issue arises in the project name input field within the index.html file. This vulnerability allows remote attackers to inject malicious JavaScript that executes immediately in the context of the user's browser. The root cause is improper sanitization of user input, which is directly reflected into the DOM using innerHTML, creating an opportunity for script execution.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the user's browser.

Reproduction

To reproduce this vulnerability, enter a malicious payload, such as an image tag with an onerror event, into the project name field. Upon submission, the injected script will execute immediately, demonstrating the cross-site scripting vulnerability.