Campcodes Division Regional Athletic Meet Game Result Matrix System Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System version 2.1. The issue arises in the save_up_athlete.php file, where the a_name parameter is not properly sanitized, allowing attackers to inject malicious scripts. These scripts can be executed in the browsers of users who access the affected profiles, potentially compromising their security and privacy.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected profile.

Reproduction

To reproduce this vulnerability, navigate to the save_up_athlete.php page and enter a script payload into the a_name parameter. Once the page is refreshed, the injected script will execute, demonstrating the cross-site scripting vulnerability.