Code-Projects Client Details System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Client Details System version 1.0. This issue arises when customer information is being added; the system automatically populates the username field with malicious JavaScript code. Consequently, when an administrator views this customer information, it could lead to the unintentional disclosure of the administrator's cookie data.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, add a new customer and input malicious JavaScript into the username field. Once the information is saved, the injected script will execute when the administrator views the customer details, potentially leading to cookie theft.