Sourcecodester Link Status Checker Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Sourcecodester Link Status Checker version 1.0. The issue arises in the 'Enter URLs to check' input field, where user-supplied data is not properly sanitized. This flaw allows remote attackers to inject arbitrary HTML or JavaScript, which is executed in the context of the user's browser after clicking the 'Check URLs' button.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user, potentially leading to cookie or session token theft, in-page phishing, credential harvesting, or malware distribution.

Reproduction

To reproduce this vulnerability, enter a malicious payload into the 'Enter URLs to check' input field. After submitting the form by clicking the 'Check URLs' button, the injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

To address this vulnerability, implement input validation and sanitization to ensure that user-supplied data is properly encoded before being rendered. Additionally, consider applying a Content Security Policy (CSP) to restrict script sources and prevent the execution of inline scripts.