SourceCodester Zoo Management System Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in SourceCodester Zoo Management System version 1.0. The issue is on the login page, specifically in the 'msg' parameter. The application does not HTML-encode or sanitize the value of the 'msg' parameter before reflecting it into the page, so a remote attacker can inject arbitrary web script or HTML by crafting a malicious URL and getting a user to open it.

Impact

Because the injected script runs in the victim's browser in the context of the application, exploitation of this vulnerability allows for session hijacking, phishing attacks, and redirection to malicious websites.

Reproduction

To reproduce this vulnerability, deploy the Zoo Management System and navigate to the login page. Supply a 'msg' parameter containing a JavaScript or HTML payload in the URL. The payload is reflected into the page without encoding and is executed by the browser, demonstrating the cross-site scripting vulnerability.
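The following is an added example, not code from the Zoo Management System or from this advisory. It illustrates the two points above from the defender's side: the reflection pattern described under Vulnerability (a message parameter written into the page verbatim) beside the fix (HTML-encoding the value for a text context), and a small log check that flags requests whose 'msg' parameter carries markup. The page template, the request path /zms/login.php and the log lines are constructed placeholders; the advisory does not show the application's actual markup or paths.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for the login page's status box. The real
# application's markup is not shown in the advisory.
LOGIN_TEMPLATE = '<div class="alert">{msg}</div>'


def render_message_vulnerable(msg: str) -> str:
    """Reflect the parameter verbatim: the defect the advisory describes."""
    return LOGIN_TEMPLATE.format(msg=msg)


def render_message_safe(msg: str) -> str:
    """Encode the value for an HTML text context before reflecting it.

    html.escape turns <, >, &, " and ' into entities, so any tags in the
    parameter are displayed as text instead of being parsed as markup.
    """
    return LOGIN_TEMPLATE.format(msg=html.escape(msg, quote=True))


def injected_tags(rendered: str) -> int:
    """Count '<' characters beyond the ones the template itself contains.

    A positive result means the parameter introduced raw markup into the page.
    """
    return rendered.count("<") - LOGIN_TEMPLATE.count("<")


# --- detection over access logs ------------------------------------------

# Request line from a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Characters and tokens that have no place in a human-readable status message.
SUSPICIOUS_RE = re.compile(r"[<>]|javascript:|on\w+\s*=", re.IGNORECASE)


def flag_suspicious_msg(log_lines):
    """Return the log lines whose decoded 'msg' parameter looks like markup."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlparse(match.group(1)).query
        # parse_qs percent-decodes the value, so encoded '<' is caught too.
        for value in parse_qs(query, keep_blank_values=True).get("msg", []):
            if SUSPICIOUS_RE.search(value):
                flagged.append(line)
                break
    return flagged


# Constructed sample log lines (placeholder path, RFC 5737 test addresses).
LOG_LINES = [
    '203.0.113.5 - - [01/Apr/2026:15:32:00 +0000] '
    '"GET /zms/login.php?msg=Invalid+credentials HTTP/1.1" 200 1234',
    '203.0.113.9 - - [01/Apr/2026:15:33:10 +0000] '
    '"GET /zms/login.php?msg=%3Cscript%3E%3C%2Fscript%3E HTTP/1.1" 200 1300',
]


if __name__ == "__main__":
    sample = "<b>x</b>"
    print("vulnerable:", render_message_vulnerable(sample),
          "injected tags:", injected_tags(render_message_vulnerable(sample)))
    print("safe:      ", render_message_safe(sample),
          "injected tags:", injected_tags(render_message_safe(sample)))
    for line in flag_suspicious_msg(LOG_LINES):
        print("flagged:", line)
```

The log check is a triage aid rather than a complete signature: it only looks at the 'msg' parameter and the tokens listed in SUSPICIOUS_RE, so it will miss other parameters and encodings, and the real fix is the encoding shown in render_message_safe.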

Added: Apr 1, 2026, 3:32 PM
Updated: Apr 1, 2026, 3:32 PM

Vulnerability Rating (custom algorithm)

spread:          0.0
impact:          1.7
exploitability:  5.6
remediation:     0.0
relevance:       5.1
threat:          6.4
urgency:         2.9
incentive:       0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.