itsourcecode University Management System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the itsourcecode University Management System version 1.0. The issue resides in the file '/att_single_view.php', where the 'dt' parameter is manipulated, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely, without the need for authentication, although it requires user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute scripts in the context of the user's browser. This could lead to the theft of cookies, session tokens, or other sensitive information, as well as performing actions on behalf of the user or redirecting them to malicious websites.

Reproduction

To reproduce this vulnerability, send a request to the '/att_single_view.php' file with a 'dt' parameter containing injected script code, such as a script tag including JavaScript payloads. The lack of proper input validation and output encoding will allow the script to execute in the browser.

Remediation

It is recommended to implement input validation and output encoding for the 'dt' parameter to prevent script injection. Additionally, a Content Security Policy (CSP) could be applied to restrict the execution of scripts.