Code-Projects Laundry System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Code-Projects Laundry System version 1.0. The issue resides in the file '/data/insert_type.php', where the 'type' parameter is not properly validated, allowing attackers to inject malicious scripts. This injected code is then executed in the context of the user's browser, potentially leading to session hijacking and unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, where injected scripts are executed in the context of the user, potentially leading to session hijacking and unauthorized access to sensitive information.

Reproduction

To reproduce this vulnerability, submit a form on the 'New Laundry Type' page with the 'Laundry Type' field containing a script payload, such as '<script>alert(1)</script>'. After submitting the form, the injected script will be executed, demonstrating the cross-site scripting vulnerability.