Code-Projects Employee Management System Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in Code-Projects Employee Management System version 1.0. The issue arises in the file 'changepassemp.php', where the 'id' argument can be manipulated to inject attacker-controlled content. This injected content is executed as JavaScript in the context of the user's browser. The vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected JavaScript is executed in the victim's browser. This could lead to session hijacking, account takeover, or phishing by manipulating the user interface.

Reproduction

To reproduce this vulnerability, send a GET request to 'changepassemp.php' with a crafted 'id' parameter that includes JavaScript payloads, such as an event handler injection. The injected script will execute when the link is hovered over, demonstrating the cross-site scripting vulnerability.