Code-Projects Online Product Reservation System Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting (XSS) vulnerability has been identified in Code-Projects Online Product Reservation System version 1.0. The issue arises in the file 'handgunner-administrator/prod.php', where user-supplied input in the 'cat' parameter is not properly sanitized before being output into JavaScript. This allows remote attackers to execute arbitrary JavaScript in the context of the user's browser.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute JavaScript in the victim's browser. This could be used to steal cookies or session information.
Reproduction
To reproduce this vulnerability, send a request to 'handgunner-administrator/prod.php' with a 'cat' parameter that includes unescaped JavaScript, such as a script tag or a JavaScript payload. The lack of input sanitization will result in the injected script being executed in the browser.
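The defect class described above is a request parameter written straight into a `<script>` block. The following is an added example, not code from the Code-Projects project: a hypothetical reconstruction of the vulnerable pattern beside a hardened version that encodes the `cat` value for a JavaScript context; the function names, page fragment and sample input are assumptions for illustration.

```php
<?php
// Added example (not the project's prod.php): embedding a request parameter
// such as 'cat' into JavaScript. Function names and markup are assumptions.

// Vulnerable pattern (hypothetical reconstruction of the flaw class in the
// advisory): raw request data is interpolated directly into a <script> block,
// so quotes or a closing tag in the input change the page's JavaScript.
function render_vulnerable(string $cat): string {
    return "<script>var category = '" . $cat . "';</script>";
}

// Hardened pattern: encode for the JavaScript context with json_encode and the
// JSON_HEX_* flags, so <, >, &, ' and " become \uXXXX escapes and the value can
// neither terminate the string literal nor the <script> element.
// JSON_THROW_ON_ERROR (PHP 7.3+) turns invalid UTF-8 into an exception instead
// of a silent false that would be written into the page.
function js_literal(string $value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

function render_hardened(string $cat): string {
    return "<script>var category = " . js_literal($cat) . ";</script>";
}

// Where the parameter has a known set of values (product categories usually do),
// an allow-list check before rendering removes the problem entirely.
function validated_category(?string $cat, array $allowed): ?string {
    return ($cat !== null && in_array($cat, $allowed, true)) ? $cat : null;
}

// Constructed sample input containing the characters that matter for this bug.
$sample = "O'Neil <rifles> \"new\" & co";
echo render_vulnerable($sample), PHP_EOL;   // quotes and tags land in the script unchanged
echo render_hardened($sample), PHP_EOL;     // all five characters arrive as \uXXXX escapes

// Same value must still be HTML-encoded when written into markup rather than JS.
echo htmlspecialchars($sample, ENT_QUOTES | ENT_HTML5, 'UTF-8'), PHP_EOL;
```

The JavaScript-context encoding and the HTML-context encoding are different; the fix for this advisory is the former, since the page states the value is output into JavaScript.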
