Phpgurukul Maid Hiring Management System Cross-Site Scripting Vulnerability

A stored cross-site scripting (XSS) vulnerability has been identified in Phpgurukul Maid Hiring Management System version 1.0. The issue resides in the 'maid-hiring.php' file, specifically within the name field. This vulnerability allows a regular user to inject a script that is executed when an admin views the application details, potentially leading to session hijacking or credential theft.

Impact

Exploitation of this vulnerability allows for the execution of injected JavaScript in the admin's browser, with a high risk of session hijacking or theft of administrative credentials.

Reproduction

To reproduce this vulnerability, submit a job application through the 'maid-hiring.php' page, including a blind XSS payload in the name field. Once the application is submitted, log in as an admin and navigate to the 'New Request' section. View the details of the application where the payload was injected to trigger the XSS execution.

Remediation

It is recommended to sanitize input fields, apply output encoding, and implement Content Security Policy (CSP) headers.