Cross Site Scripting
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.
Path URL: php-lms/admin/?page=system_info
Parameters: System name (name), System short name (shortname)
Input payload <script>alert(1337)</script> into System name name and save it.
After saving, the pop-up windows like will appear:
