Description

A reflected cross-site scripting (XSS) vulnerability was found in SourceCodester Task Management System.
It allows attackers to execute arbitrary code via the `page` parameter of index.php (for example, index.php?page=project_list).

Impact:

Attackers often leverage XSS to steal session cookies and impersonate the user. Attackers can also use XSS to deface websites, spread malware, phish for user credentials, support social engineering techniques, and more.

Affected components

Affected File: index.php
Affected Parameter: page

Vendor URL

<https://www.sourcecodester.com>

Product URL

<https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html>

Screenshot for PoC

  1. Log in at http://localhost/task-system/login.php.
  2. Insert the XSS payload `<script>alert(1)</script>` into the `page=` parameter.
  3. Press Enter and observe the XSS payload execute.
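
One way to close this class of bug in the `page` handling, shown as an added example that is not the application's own code. It assumes index.php selects a view from `?page=` and reflects the value into the HTML response; the `home` default and all function names are hypothetical.

```php
<?php
// Added illustration, not the Task Management System's source code.
// Assumption: index.php selects a view from ?page= and reflects the value into HTML.
declare(strict_types=1);

// Allowlist of routable views; 'home' is a hypothetical default, project_list is from the advisory.
const ALLOWED_PAGES = ['home', 'project_list'];

// Encode for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak pattern: the raw parameter is concatenated into markup.
function render_unsafe(string $raw): string
{
    return '<h1>Page: ' . $raw . '</h1>';
}

// Hardened routing: only known view names are accepted.
function resolve_page($raw): string
{
    // ?page[]=x arrives as an array; a missing parameter arrives as null.
    if (!is_string($raw) || !in_array($raw, ALLOWED_PAGES, true)) {
        return 'home';
    }
    return $raw;
}

// Hardened output: anything echoed back is encoded first.
function render_safe($raw): string
{
    $page = resolve_page($raw);
    $html = '<h1>Page: ' . h($page) . '</h1>';
    if (is_string($raw) && $raw !== $page) {
        // Reflecting the rejected value is only acceptable after encoding.
        $html .= '<p>Unknown page: ' . h($raw) . '</p>';
    }
    return $html;
}

// Constructed inputs: a valid name, the advisory's test payload, an array, a missing value.
$samples = ['project_list', '<script>alert(1)</script>', ['x'], null];
foreach ($samples as $raw) {
    if (is_string($raw)) {
        echo 'unsafe: ', render_unsafe($raw), PHP_EOL;
    }
    echo 'safe:   ', render_safe($raw), PHP_EOL;
}
```

In a request handler the input would be `$_GET['page'] ?? null`; the allowlist decides routing, and the encoding covers every place the value is written into the page.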
