SourceCodester Web-Based Pharmacy Product Management System Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in SourceCodester Web-Based Pharmacy Product Management System version 1.0. The issue arises in the file changepassword.php, where user input from the POST parameters txtconfirm_password, txtnew_password, and txtold_password is not properly sanitized before being displayed. This allows attackers to inject malicious scripts that are executed when the affected page is viewed. The vulnerability can be exploited remotely, affecting all users who access the compromised page.

Impact

Exploitation of this vulnerability allows for persistent execution of malicious scripts in the context of the user viewing the affected page. This could lead to session hijacking through cookie theft, phishing attacks by altering page content, defacement of the application interface, and potential privilege escalation by compromising the admin interface.

Reproduction

To reproduce this vulnerability, send a crafted POST request to the changepassword.php file, including the XSS payload in the txtconfirm_password, txtnew_password, or txtold_password fields. Once the payload is submitted, it will be executed when the page is loaded.

Remediation

To address this vulnerability, implement proper output encoding for user input using functions like htmlspecialchars() before displaying it. Additionally, validate all input to ensure it meets expected formats, particularly for fields like email. Consider adopting a web security framework that handles XSS protection automatically, and provide security training for developers on best practices for input validation and output encoding.
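The encoding and validation steps above, as an added example that is not the application's code (the source of changepassword.php is not shown in this advisory). The helper names e() and validatePasswordChange(), the 12-character minimum and the sample request are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps invalid UTF-8
    // from turning the whole string into "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate the three POST fields named in the advisory. Error messages are
// fixed strings, so user input never becomes part of the response text.
function validatePasswordChange(array $post): array
{
    foreach (['txtold_password', 'txtnew_password', 'txtconfirm_password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return ['All three password fields are required.'];
        }
    }
    $errors = [];
    if (strlen($post['txtnew_password']) < 12) { // assumed policy, not from the page
        $errors[] = 'New password must be at least 12 characters.';
    }
    if (!hash_equals($post['txtnew_password'], $post['txtconfirm_password'])) {
        $errors[] = 'New password and confirmation do not match.';
    }
    return $errors;
}

// Constructed sample request; the markup stands in for attacker-supplied input.
$post = [
    'txtold_password'     => 'old-secret',
    'txtnew_password'     => '"><em>injected markup</em>',
    'txtconfirm_password' => 'something else',
];

foreach (validatePasswordChange($post) as $message) {
    echo '<p class="error">' . e($message) . "</p>\n";
}

// Before: raw concatenation lets the value close the attribute and add elements.
echo 'unsafe: <input value="' . $post['txtnew_password'] . "\">\n";
// After: the same value encoded at output time stays inside the attribute.
echo 'safe:   <input value="' . e($post['txtnew_password']) . "\">\n";
```

Because the issue is stored, the encoding belongs at every place the saved value is written into HTML, not only in the handler that receives the POST.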

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.