Campcodes Hospital Management System Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Campcodes Hospital Management System version 1.0. The issue arises in the Edit Doctor Specialization Page, specifically within the file '/admin/edit-doctor-specialization.php'. The vulnerability allows injected scripts to be executed when the affected page is accessed, as the application fails to properly validate and sanitize user input before it is stored and later displayed.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the 'Edit Doctor Specialization' page. Inject a script payload into the 'Doctor Specialization' field. Once the payload is submitted, it will be stored in the database. The injected script will execute whenever the 'Edit Doctor Specialization' page is accessed, demonstrating the stored cross-site scripting vulnerability.
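The root cause described above (a value stored without validation and later displayed without encoding) and its fix, shown as an added PHP example that is not Campcodes code. The table `specialization`, the form field name and the helpers `h`, `validSpecialization`, `renderUnsafe` and `renderSafe` are hypothetical, the stored value is a constructed harmless sample, and an in-memory SQLite database (PDO with `pdo_sqlite`) stands in for the application's database.

```php
<?php
// Added example: hypothetical schema and helper names, not the application's code.
declare(strict_types=1);

// Output encoding: stored text is emitted as text, never parsed as HTML.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input validation on write: allowlist of letters, digits, spaces and a few separators.
function validSpecialization(string $value): bool {
    return preg_match('/^[\p{L}\p{N} .,&()\/\'-]{1,100}$/u', $value) === 1;
}

// The "before": the stored value is concatenated into the edit form unencoded.
function renderUnsafe(string $stored): string {
    return '<input type="text" name="specialization" value="' . $stored . '">';
}

// The "after": the same form field with the value encoded for an HTML attribute.
function renderSafe(string $stored): string {
    return '<input type="text" name="specialization" value="' . h($stored) . '">';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE specialization (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample: a legacy row saved before any validation existed.
$legacy = '"><b>constructed markup</b>';
$db->prepare('INSERT INTO specialization (id, name) VALUES (1, ?)')->execute([$legacy]);
$stored = (string) $db->query('SELECT name FROM specialization WHERE id = 1')->fetchColumn();

echo renderUnsafe($stored), "\n"; // attribute closes early and <b> becomes live markup
echo renderSafe($stored), "\n";   // value stays inside the attribute as inert text

// Write path: reject values outside the allowlist, bind accepted ones as parameters.
foreach (['Cardiology', $legacy] as $submitted) {
    if (!validSpecialization($submitted)) {
        echo 'rejected: ', h($submitted), "\n";
        continue;
    }
    $db->prepare('UPDATE specialization SET name = ? WHERE id = 1')->execute([$submitted]);
    echo 'saved: ', h($submitted), "\n";
}
```

Encoding on output is the control that neutralizes rows already in the database; validation on write only keeps new markup from being stored.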
