SourceCodester Employee Management System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in SourceCodester Employee Management System version 1.0. The issue resides in the 'employee.php' file, where the 'Full Name' input field fails to properly validate or sanitize user input. This allows attackers to inject malicious scripts, which are then stored in the database and executed whenever the 'employee.php' page is accessed. The vulnerability could lead to session hijacking, unauthorized content modification, or other malicious activities.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the 'employee.php' page.

Reproduction

To reproduce this vulnerability, navigate to the 'employee.php' page and use the 'Full Name' field to input a script payload, such as a JavaScript alert script. Once submitted, the injected script will be executed when the page is accessed, demonstrating the cross-site scripting vulnerability.