Cyber-III Student-Management-System Cross-Site Scripting Vulnerability in Admin Add Endpoint

A reflected cross-site scripting (XSS) vulnerability exists in Cyber-III Student-Management-System versions prior to 1a938fa61e9f735078e9b291d2e6215b4942af3f. The issue is located in the Admin Add Endpoint component, specifically within the file '/admin/Add notice/notice.php'. The vulnerability arises because the script uses the unsanitized '$_SERVER["PHP_SELF"]' variable as the form action, allowing attackers to inject arbitrary JavaScript through a crafted URL. This vulnerability can be exploited remotely, requires authentication, and involves user interaction.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into the admin panel with the username 'admin' and password 'admin123'. Once logged in, navigate to the '/admin/Add notice/notice.php' page. The vulnerability can be exploited by using a crafted URL that includes a script injection payload, such as a JavaScript alert. When the page is loaded with this URL, the injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

To address this vulnerability, sanitize the '$_SERVER["PHP_SELF"]' variable before using it in the form action. This can be done by encoding the output with 'htmlspecialchars()' to prevent script injection. Alternatively, use a static URL value instead of a dynamic one.