GetProjectsIdea Create School Management System Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in GetProjectsIdea's Create School Management System version 1.0. The issue resides in the profile update form, specifically within 'my_profile_update_form1.php'. The application fails to properly sanitize user input, allowing malicious JavaScript to be injected and stored in the database. This script is executed when the profile or dashboard is viewed, impacting both students and administrators.
Impact
Exploitation of this vulnerability allows for session hijacking, phishing, credential harvesting, keystroke logging, page defacement, privilege escalation if viewed by an admin, and the execution of arbitrary actions on behalf of the victim.
Reproduction
To reproduce this vulnerability, log in as a student and navigate to the profile update form 'my_profile_update_form1.php'. Inject a script, such as one that alerts the document cookies, into an editable field. After submitting the form, visit the 'My Profile' or 'Dashboard' pages. The injected script will execute, demonstrating the cross-site scripting vulnerability.
Remediation
It is recommended to sanitize and escape all user input before storing it and when outputting it. Using functions like 'htmlspecialchars()' can help render data safely. Additionally, adopting a security-focused templating engine, applying a Content Security Policy to block inline scripts, and conducting regular code reviews and security audits are advisable.
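The output-side part of this remediation, as an added example that is not code from the affected application: stored profile values are escaped with 'htmlspecialchars()' at render time, and a Content Security Policy with a per-response nonce blocks inline scripts that lack it. The field names ('full_name', 'address') and the helper functions are hypothetical, and the stored values are constructed sample data.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text and quoted-attribute contexts.
// ENT_QUOTES encodes both ' and ", ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build a CSP header line: scripts load only from the same origin or with
// the per-response nonce, so an injected inline <script> does not run.
function csp_header(string $nonce): string
{
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'self' 'nonce-{$nonce}'; object-src 'none'; base-uri 'self'";
}

// Render a profile fragment. Every stored value passes through e() at the
// point of output, whatever was accepted when the form was submitted.
// The array keys are hypothetical, not the application's real column names.
function render_profile(array $profile): string
{
    return '<h2>' . e($profile['full_name'] ?? null) . "</h2>\n"
         . '<input type="text" name="address" value="'
         . e($profile['address'] ?? null) . "\">\n";
}

// A fresh nonce per response; headers must be sent before any output.
$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI !== 'cli') {
    header(csp_header($nonce));
}

// Constructed sample rows standing in for values read from the database.
$stored = [
    'full_name' => '<script>alert(document.cookie)</script>', // stored as submitted
    'address'   => '12 "Elm" Street',                          // quote inside an attribute
];

// The markup characters reach the browser as entities, so the value is
// displayed as text rather than parsed as a script element.
echo render_profile($stored);
```

Escaping belongs at every place a stored value is written into a page, including the 'My Profile' and 'Dashboard' views named above, since either one rendering the value unescaped is enough for the script to run.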
