SourceCodester Online Student Clearance System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Online Student Clearance System version 1.0. The issue arises in the file '/admin/add-student.php', where the 'Fullname' argument can be manipulated to inject malicious scripts. This vulnerability can be exploited remotely, and while the primary parameter affected is 'Fullname', other parameters may also be vulnerable.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to '/admin/add-student.php' with a payload in the 'Fullname' parameter that includes JavaScript code, such as an SVG image with an 'onload' event. The injected script will be executed, demonstrating the cross-site scripting vulnerability.