The Language Sloth Web Application Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in The Language Sloth Web Application version 1.0. This vulnerability allows authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the 'Description' text field while creating a new project. Once the payload is injected, it is executed every time the page is opened.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, log into The Language Sloth Web Application version 1.0. Create a new project and inject a script payload, such as a simple alert script, into the 'Description' text field. Once the project is saved, the injected script will execute each time the project page is viewed.