Code-Projects Employee Record System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Employee Record System version 1.0. The issue resides in the 'current_employees.php' file, where user-supplied input in the 'employeed_id', 'first_name', 'middle_name', and 'last_name' arguments is not properly sanitized before being output, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, navigate to the 'current_employees.php' page and input a script into one of the vulnerable fields: 'employeed_id', 'first_name', 'middle_name', or 'last_name'. The injected script will be executed, demonstrating the cross-site scripting vulnerability.