Code-Projects Online Class and Exam Scheduling System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Online Class and Exam Scheduling System version 1.0. The issue resides in the 'department.php' page, where the 'id', 'code', and 'name' parameters are vulnerable to XSS attacks. This vulnerability allows attackers to inject malicious scripts that could be executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser. This could lead to theft of administrator login credentials or the creation of phishing websites.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the 'department.php' page. Once there, append a script injection payload into the 'id', 'code', or 'name' parameters. The injected script will be executed, demonstrating the cross-site scripting vulnerability.