PHPGurukul COVID19 Testing Management System
cpe:2.3:a:phpgurukul:covid19_testing_management_system:*:*:*:*:*:*:*
- 1.0
A stored cross-site scripting vulnerability has been identified in PHPGurukul COVID19 Testing Management System version 1.0. This issue arises in the 'Take Action' feature on the '/test-details.php' page, where the 'remark' field can be manipulated to inject malicious scripts. These scripts are permanently stored in the application's database and executed when users view the affected test details, potentially leading to various security risks such as session hijacking, defacement, redirection to malicious sites, malware distribution, and data theft.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the test details.
To reproduce this vulnerability, navigate to the 'test-details.php' page and locate the 'remark' field under the 'Take Action' feature. Inject an XSS payload, such as a script tag containing JavaScript code, and submit the form. The injected script will execute when the test detail page is viewed again.
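A mitigation sketch for the flaw described above, added here as an example and not taken from the application's own code: the remark is validated when submitted and HTML-encoded when rendered. The function names, the 500-character limit, the table-cell markup and the sample value are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the application's real code is not shown on this page.
// Requires the mbstring extension.

/** Validate a submitted remark before it is stored (length limit is an assumption). */
function normalize_remark(string $raw, int $maxLen = 500): string
{
    // Reject invalid UTF-8 first so malformed bytes cannot confuse later encoding.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('remark is not valid UTF-8');
    }
    $remark = trim($raw);
    if ($remark === '' || mb_strlen($remark, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('remark is empty or too long');
    }
    return $remark; // stored as plain text; encoding happens at output time
}

/** Pattern the advisory describes: stored text concatenated into HTML unencoded. */
function render_remark_unsafe(string $stored): string
{
    return '<td>' . $stored . '</td>';
}

/** Hardened pattern: encode for the HTML body context when rendering. */
function render_remark_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<td>' . nl2br($encoded, false) . '</td>';
}

// Constructed sample standing in for a remark already present in the database.
$stored = normalize_remark("Sample collected <script>/* constructed marker */</script>");

echo render_remark_unsafe($stored), PHP_EOL; // markup reaches the browser intact
echo render_remark_safe($stored), PHP_EOL;   // markup arrives as inert text (&lt;script&gt;...)
```

Encoding at output also neutralizes remarks that were stored before the fix, which input filtering alone would not.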