SourceCodester Employee Management System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in SourceCodester's Employee Management System version 1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript on the add_employee.php page by injecting a malicious script into the First Name or Address text fields. The issue arises because the application does not properly sanitize user input, enabling the execution of scripts in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of users accessing the affected page.

Reproduction

To reproduce this vulnerability, log into the Employee Management System and navigate to the 'Employee' section. Click the 'Add Employee' button to access the form. Inject a script, such as a JavaScript alert, into the First Name or Address fields and submit the form. The injected script will be executed when the employee record is viewed.