| عنوان | tittuvarghese CollegeManagementSystem 1.0 Reflected Cross‑Site Scripting |
|---|
| الوصف | The `fetch.php` endpoint, when handling the `fetch_subject_data` action, directly echoes the user‑supplied `department_name` POST parameter into an HTML `<td>` element without any sanitisation or output encoding:
```php
<td><?php echo $department_name.' ('.$department.')'; ?></td>
```
Because the value is reflected directly from the request body, an attacker can craft a POST request containing a malicious script in the department_name field. When the server returns this HTML snippet (typically consumed by an AJAX callback and injected into the DOM with innerHTML or jQuery’s html()), the script executes in the victim’s browser, leading to session theft, CSRF attacks, or other client‑side compromises.
Steps to Reproduce
Identify a page that sends an AJAX POST to fetch.php with action=fetch_subject_data and renders the response into the DOM.
Inject a malicious department_name value, such as <script>alert(1)</script>.
Observe that the returned HTML contains the unescaped script tag.
If the response is inserted into the page, the JavaScript executes. |
|---|
| المصدر | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/6 |
|---|
| المستخدم | Lucky ya-ya (UID 98310) |
|---|
| ارسال | 18/05/2026 06:09 PM (20 أيام منذ) |
|---|
| الاعتدال | 05/06/2026 10:10 AM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 368875 [tittuvarghese CollegeManagementSystem fetch.php department_name البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|