SourceCodester My Food Recipe Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in SourceCodester My Food Recipe version 1.0. The issue occurs in the 'Add Recipe' feature, specifically within the 'addRecipeModal' function of the '/endpoint/add-recipe.php' file. The vulnerability arises because user input for the 'Name' argument is not properly sanitized before being saved and displayed, allowing the execution of arbitrary JavaScript in the context of other users' sessions. This vulnerability can be exploited remotely and requires user interaction.
Impact
Exploitation of this vulnerability causes injected JavaScript to execute whenever the affected recipe data is viewed. Because the payload is saved with the recipe and runs on each later view, the issue is a persistent (stored) cross-site scripting vulnerability.
Reproduction
To reproduce this vulnerability, open the 'Add Recipe' modal and insert a script tag payload into the 'Recipe Name' field. After filling out the other required fields, submit the form. The injected script will execute when the recipe is viewed, demonstrating the stored cross-site scripting vulnerability.
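The root cause described above, a 'Name' value that is saved and later written into the page without encoding, is addressed by encoding at output time and validating on save. The PHP below is an added example, not code from My Food Recipe; the function names, markup, allow-list and sample value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not the application's own code. All names are hypothetical.

/** Encode a stored value for use in an HTML text node or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Before: the stored name is concatenated into the markup unchanged. */
function renderRecipeUnsafe(string $name): string
{
    return '<h5 class="recipe-name">' . $name . '</h5>';
}

/** After: the same markup with the name encoded at output time. */
function renderRecipeSafe(string $name): string
{
    return '<h5 class="recipe-name">' . e($name) . '</h5>';
}

/**
 * Server-side check on save: a second layer, not a replacement for encoding.
 * Accepts 1 to 100 letters, digits, spaces and a small set of punctuation.
 */
function validateRecipeName(string $name): ?string
{
    $name = trim($name);
    return preg_match('/^[\p{L}\p{N} .,\'&()\-]{1,100}\z/u', $name) === 1 ? $name : null;
}

// Constructed sample value of the kind described under Reproduction.
$stored = '<script>alert(1)</script>';

echo renderRecipeUnsafe($stored), PHP_EOL; // name reaches the page as markup
echo renderRecipeSafe($stored), PHP_EOL;   // name reaches the page as text
var_dump(validateRecipeName($stored));     // angle brackets fail the allow-list
var_dump(validateRecipeName("Grandma's Mac & Cheese")); // ordinary name passes
```

Encoding belongs at every point where the stored name is written into HTML, since records saved before the fix are only neutralised at output time.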
