Code-Projects Coaching Management System Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Code-Projects Coaching Management System version 1.0. The issue resides in the complaint form page, specifically within the file '/cims/modules/student/complaint.php'. This vulnerability allows low-privileged users, such as students, to inject malicious JavaScript that is stored and executed when the complaint is viewed by higher-privileged users, like administrators or teachers. The reply functionality is also vulnerable, enabling cross-role exploitation. The lack of proper input sanitization and output encoding, combined with missing security controls on session cookies, facilitates this vulnerability, leading to session hijacking and unauthorized access to administrative accounts.
Impact
Exploitation of this vulnerability allows for arbitrary JavaScript execution in the context of an admin user, leading to session hijacking and full administrative account takeover. The bidirectional nature of the vulnerability also allows for exploitation across multiple user roles, including students and teachers.
Reproduction
To reproduce this vulnerability, log in as a student and navigate to the complaint form page. Submit a complaint containing a script payload that exploits the cross-site scripting vulnerability. Then, log in as an admin and view the complaint, which will trigger the execution of the injected script. This can be done by accessing the incoming complaints admin page, where the payload will execute automatically, demonstrating the session hijacking aspect of the vulnerability. Alternatively, the vulnerability can be reproduced by injecting a script into the admin reply section, which will then execute when the student views the reply.
Remediation
It is recommended to sanitize and validate all user inputs, encode outputs using appropriate functions such as htmlspecialchars() in PHP, and set the HttpOnly and Secure flags on session cookies. Implementing a Content Security Policy (CSP) is also advised.
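As an added illustration of the remediation above (example code written for this advisory, not code from the Coaching Management System project), the following PHP shows the three controls together: hardened session cookie flags, a Content Security Policy header, and htmlspecialchars() applied to every untrusted field when complaints and replies are rendered. The variable names, the sample rows and the helper names are assumptions.

```php
<?php
// Added example, not the project's own code. Field names and sample rows are assumed.

// 1. Session cookie hardening: must run before session_start().
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // cookie only sent over HTTPS
    'httponly' => true,      // cookie not readable by document.cookie
    'samesite' => 'Strict',
]);
session_start();

// 2. Content Security Policy: same-origin resources only, no inline scripts,
//    so a stored payload that still slipped through would not execute.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
     . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");

// 3. Output encoding helper: every untrusted value placed in HTML goes through it.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Input validation on the way in: trim, enforce a length limit, drop control chars.
function validate_complaint_text(string $raw, int $max = 2000): ?string
{
    $text = trim($raw);
    if ($text === '' || mb_strlen($text, 'UTF-8') > $max) {
        return null;   // reject: caller shows a form error instead of storing it
    }
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $text);
}

// Constructed sample rows standing in for database results (not real data).
$complaints = [
    ['id' => 1, 'student' => 'Alice', 'text' => 'Projector in room 3 is broken'],
    ['id' => 2, 'student' => 'Bob',   'text' => '<b>Fees</b> page shows wrong total'],
];
$reply = ['complaint_id' => 2, 'text' => 'Fixed <i>yesterday</i>, please recheck.'];

// Vulnerable pattern the advisory describes: echoing the stored text unencoded.
// echo "<td>{$row['text']}</td>";

// Hardened rendering: markup in stored text is shown literally, never interpreted.
echo "<table>\n";
foreach ($complaints as $row) {
    echo '<tr><td>' . e((string) $row['id']) . '</td><td>' . e($row['student'])
       . '</td><td>' . e($row['text']) . "</td></tr>\n";
}
echo "</table>\n";
echo '<p>Admin reply: ' . e($reply['text']) . "</p>\n";
```

The same e() call belongs in the admin reply page and the student's view of replies, since the advisory notes the flaw is bidirectional.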