Institute of Current Students Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Institute of Current Students PHP Project version 1.0. The issue resides in the qureydetails.php page, where the Query and Answer input fields fail to adequately sanitize user input. This vulnerability allows authenticated users with faculty-level access to inject arbitrary JavaScript, which is then executed when other users access the page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page. This could lead to a full compromise of the user's session.

Reproduction

To reproduce this vulnerability, an authenticated user with faculty-level access can navigate to the 'Edit' functionality on the qureydetails.php page. Here, they can inject malicious JavaScript into the Query or Answer input fields. Once submitted, the injected script will be executed when the page is accessed by other users.