Code-Projects Employee Record System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Employee Record System version 1.0. The issue resides in the dashboard/edit_employee.php file, where user input in the employeed_id, first_name, middle_name, and last_name fields is not properly sanitized before being output, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, navigate to the dashboard/edit_employee.php page. Input a script or malicious payload into the employeed_id, first_name, middle_name, or last_name fields. Once the input is submitted, the injected script will be executed, demonstrating the cross-site scripting vulnerability.