SourceCodester Food Menu Manager Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting (XSS) vulnerability has been identified in SourceCodester Food Menu Manager version 1.0. The issue resides in the Add Menu handler in index.php, which accepts the name and description parameters, stores them, and later renders them into the page without output encoding. An attacker who can submit the Add Menu form can therefore inject HTML or JavaScript that is served to every user who views the menu list, and the injected script runs in that user's browser with the privileges of their session.
Impact
Exploitation results in stored (persistent) cross-site scripting: the payload is saved with the menu record and executes in the browser of any user who views the affected page, not only the user who submitted it. Script running in the application's origin can read page content, perform actions through the application on the victim's behalf, and read any session cookie that is not marked HttpOnly.
Reproduction
To reproduce this vulnerability, navigate to the 'Manage Menus' section of the Food Menu Manager application, select 'Add Menu', and enter a script payload (for example, a <script> element or an element with an event-handler attribute) in the 'Menu Name' and 'Description' fields. Submit the form. The payload is stored with the menu record, and the injected script executes each time the page is loaded or refreshed, including for other users who view it.
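The following is an added illustrative example, not code from the Food Menu Manager project and not the contents of its index.php. It simulates the pattern described above (a menu row saved from the Add Menu form and echoed into the Manage Menus table unencoded) next to a hardened rendering path that encodes at output time. The form field names (menu_name, description), the in-memory $menus array standing in for the database, and the sample payloads are all assumptions constructed for the demonstration.

```php
<?php
// Added example: simulates the stored-XSS pattern, not the project's own code.
// Field names, the $menus stand-in for the database and the payloads are assumptions.
declare(strict_types=1);

// Constructed sample of what an attacker submits through the Add Menu form.
$submitted = [
    'menu_name'   => '<script>alert(document.cookie)</script>',
    'description' => '<img src=x onerror="alert(1)">',
];

// Stand-in for the database: the raw strings are stored exactly as received.
$menus = [];
function store_menu(array &$menus, array $post): void
{
    $menus[] = [
        'name'        => $post['menu_name'],
        'description' => $post['description'],
    ];
}

// Vulnerable pattern: stored values are interpolated into HTML unchanged,
// so the browser parses the attacker's markup as part of the page.
function render_vulnerable(array $menus): string
{
    $html = "<table>\n";
    foreach ($menus as $m) {
        $html .= "<tr><td>{$m['name']}</td><td>{$m['description']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened pattern: encode for the HTML text context at output time.
// ENT_QUOTES also encodes ' and " (safe if the value later lands in an attribute);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of silently returning ''.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_hardened(array $menus): string
{
    $html = "<table>\n";
    foreach ($menus as $m) {
        $html .= '<tr><td>' . e($m['name']) . '</td><td>' . e($m['description']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Check a tester can run against a captured response body: a raw "<script"
// or an <img ... onerror=...> in the output means the payload was not encoded.
function payload_survives(string $html): bool
{
    return stripos($html, '<script') !== false
        || preg_match('/<img[^>]+onerror\s*=/i', $html) === 1;
}

store_menu($menus, $submitted);

echo "--- vulnerable output (markup is live) ---\n";
echo render_vulnerable($menus);
echo "payload survives: ", payload_survives(render_vulnerable($menus)) ? 'yes' : 'no', "\n\n";

echo "--- hardened output (markup is inert text) ---\n";
echo render_hardened($menus);
echo "payload survives: ", payload_survives(render_hardened($menus)) ? 'yes' : 'no', "\n";
```

Run with `php example.php`. The fix is applied where the data is written into HTML, not where it is read from the form: input filtering alone misses values that reach the table through other paths, and encoding must match the output context (an attribute or a JavaScript string needs different handling than text between tags). A Content-Security-Policy that disallows inline script is a useful second layer but does not replace output encoding.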
