SourceCodester Doctor Appointment System Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in SourceCodester Doctor Appointment System version 1.0. The issue arises from improper handling of user input during registration, specifically in register.php: the first name, last name, and email values are stored and later rendered in the administrative interface without being encoded. Injected JavaScript is therefore executed in the context of an administrator's browser, potentially leading to a takeover of the administrative account.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of an administrator's browser, which could be used to take over the admin account.

Reproduction

To reproduce this vulnerability, register as a new user on the Doctor Appointment System. During registration, enter a JavaScript payload, such as a script tag, into the first name, last name, and email fields. After completing the registration, log in as an administrator and navigate to the user management interface. When that page renders the stored values, the injected script executes, demonstrating the stored cross-site scripting vulnerability.
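The following is an added illustration, not code from SourceCodester's application: it shows the rendering pattern that produces a stored XSS like the one described above, the output-encoded form that closes it, and input validation as a second layer. Field names, function names, and the sample submission are assumptions constructed for the example.

```php
<?php
// Added example (not the project's code). Field and function names are assumed.

// Constructed sample of a registration submission. The empty script tag stands
// in for the payload the advisory describes; its content does not matter here.
$submitted = [
    'first_name' => '<script>/* constructed */</script>',
    'last_name'  => 'Doe',
    'email'      => 'doe@example.com',
];

// Vulnerable pattern: stored values are interpolated into the admin user list
// as-is, so the administrator's browser parses the stored tag as markup.
function render_user_row_unsafe(array $u): string
{
    return "<tr><td>{$u['first_name']}</td><td>{$u['last_name']}</td><td>{$u['email']}</td></tr>";
}

// Hardened pattern: HTML-encode every untrusted value at the point of output.
// ENT_QUOTES also encodes single quotes, so the result is safe inside attributes.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_user_row_safe(array $u): string
{
    return '<tr><td>' . e($u['first_name']) . '</td><td>' . e($u['last_name'])
         . '</td><td>' . e($u['email']) . '</td></tr>';
}

// Defence in depth on the input side: reject values that cannot be a name or an
// email address before they are stored. Output encoding is still required.
function validate_registration(array $u): array
{
    $errors = [];
    foreach (['first_name', 'last_name'] as $f) {
        if (!preg_match('/^[\p{L}\p{M}\' .-]{1,50}$/u', $u[$f] ?? '')) {
            $errors[] = "$f contains characters that are not allowed";
        }
    }
    if (filter_var($u['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

echo render_user_row_unsafe($submitted), "\n"; // script tag reaches the browser intact
echo render_user_row_safe($submitted), "\n";   // &lt;script&gt;...: rendered as text
print_r(validate_registration($submitted));     // first_name rejected
```

Encoding belongs at every output point that displays these fields, not only the user management page, since the same stored values may be rendered elsewhere.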

Added: May 29, 2026, 4:23 PM
Updated: May 29, 2026, 4:23 PM