Phpgurukul Vehicle Record Management System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Phpgurukul Vehicle Record Management System version 1.0. The issue resides in the 'brandname' parameter of the '/admin/add-brand.php' file, where user input is not properly validated or sanitized. This flaw allows attackers to inject malicious scripts that are executed in the context of the user's browser when they view the affected data.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the data.

Reproduction

To reproduce this vulnerability, log into the admin panel and navigate to the 'Add Brand' section. Intercept the POST request to 'add-brand.php' using a tool like Burp Suite. Inject a script payload into the 'brandname' parameter and submit the request. Then, go to the 'Manage Brand' section and edit the entry to trigger the XSS payload execution.