PHPGurukul Student Record Management System
cpe:2.3:a:phpgurukul:student_record_system:*:*:*:*:*:*:*
- 1.0
A stored cross-site scripting vulnerability has been identified in PHPGurukul Student Record Management System versions through 1.0. The issue resides in the /edit-course.php file, specifically within the Course Short Name field. The vulnerability allows authenticated administrators to inject malicious JavaScript, which is then executed when the course is viewed or edited. The flaw stems from improper input validation and output encoding, which allows injected scripts to be executed in the context of the user’s session.
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of an authenticated administrator, potentially leading to session hijacking through cookie theft and unauthorized actions performed on behalf of the administrator. This compromise is persistent, affecting all users who view the modified course record.
To reproduce this vulnerability, log into the admin portal and navigate to the 'add course' page. In the Course Short Name field, insert a script payload, such as a script tag containing a JavaScript alert. After saving the course, go to the 'manage courses' page and edit the course. The injected JavaScript will execute, demonstrating the stored cross-site scripting vulnerability.
To address this vulnerability, implement strict server-side input validation and sanitization for the Course Short Name field. Ensure that all user-supplied data is encoded on output using context-aware encoding methods, such as htmlspecialchars() in PHP, before being rendered in the browser. Additionally, consider applying a strong Content Security Policy (CSP) to mitigate the impact of any potential script injection.
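The three mitigations above, sketched as an added example (not code from the PHPGurukul project): allow-list validation on write, htmlspecialchars() on output, and a restrictive CSP header. The function names, the form field name course-short and the 20-character allow-list policy are assumptions made for illustration.

```php
<?php
// Added example. Function names, the "course-short" field name and the
// allow-list policy are assumptions, not taken from the application source.
declare(strict_types=1);

/** Allow-list validation on write: returns the cleaned value, or null to reject. */
function validate_course_short_name(string $raw): ?string
{
    $value = trim($raw);
    // Assumed policy: 1-20 characters from letters, digits, space, dot, underscore, hyphen.
    if (preg_match('/\A[A-Za-z0-9 ._-]{1,20}\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encoding for HTML text and quoted attribute values; both quote styles are escaped. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the edit-form field. Stored data is encoded even if it predates validation. */
function render_short_name_input(string $stored): string
{
    return '<input type="text" name="course-short" value="' . h($stored) . '">';
}

/** Defence in depth: call before any page output so inline scripts are refused. */
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
        . "object-src 'none'; base-uri 'self'");
}

// Constructed sample values: one legitimate short name, one script tag as described
// in the reproduction steps, and one benign value containing quotes and an ampersand.
$samples = ['BSc-CS', '<script>alert(1)</script>', '"Intro" & \'Lab\''];
foreach ($samples as $sample) {
    $status = validate_course_short_name($sample) === null ? 'rejected' : 'accepted';
    echo $status, ': ', render_short_name_input($sample), PHP_EOL;
}
```

Encoding on output is applied regardless of the validation result because records saved before the fix may already contain markup.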