1000 Projects Bookstore Management System Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Bookstore Management System version 1.0. The issue resides in the file process_book_add.php, within the Add Book Page component. The vulnerability is triggered by manipulating the 'Book Name' argument, allowing for the injection of malicious scripts that are executed when the book is viewed. This vulnerability can be exploited remotely and has been disclosed publicly.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the book.

Reproduction

To reproduce this vulnerability, log into the admin panel with the credentials 'admin' for both the username and password. Navigate to the 'Book' section and select 'Add Book'. After adding a book with a name that includes the script payload, go to 'Book' → 'View Book' to see the injected script executed.

Remediation

It is recommended to implement input validation and sanitization to properly handle user inputs before storing them in the database. Additionally, escape output before rendering it on the page to prevent script execution.