PHPGurukul Nipah Virus Testing Management System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in version 1.0 of the PHPGurukul Nipah Virus Testing Management System. The issue resides in the search-report.php file, where the serachdata parameter is not properly sanitized, allowing attackers to inject malicious JavaScript that executes in the context of the user’s browser. This vulnerability could be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a POST request to the search-report-result.php endpoint with a payload in the serachdata parameter that includes JavaScript, such as a script tag. This can be done manually or using a tool that automates the process, such as a web vulnerability scanner or a custom script.

Remediation

No specific remediation is known, but general XSS mitigation techniques should be applied, such as input validation, output encoding, and implementing a Content Security Policy.