Description: itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in the "New Borrower" functionality on the Borrowers page.
Vulnerability Type: Cross Site Scripting (XSS)
Vendor of Product: itsourcecode
Affected Product Code Base: https://itsourcecode.com/free-projects/php-project/loan-management-system-project-in-php-with-source-code/ - 1.0
Affected Component: Loan Management System v1.0
Attack Vectors:
- Open the Loan Management System application locally.
- Log in to the application.
- Navigate to the "Borrower" section and click on the "New Borrower" functionality.
- Input the XSS payload <script>alert(1)</script> into the following
Reference: https://owasp.org/www-community/attacks/xss/
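Mitigation example (added here, not code from the Loan Management System project): server-side validation plus output encoding for the seven parameters named in the description. The function names, validation patterns and length limit are assumptions, and the sample row is constructed.

```php
<?php
// Added example: hypothetical helpers, not taken from the affected project.

// The parameters the advisory lists as accepting the payload.
const BORROWER_FIELDS = ['lastname', 'firstname', 'middlename', 'address',
                         'contact_no', 'email', 'tax_id'];

// Encode a value for an HTML text node or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Server-side validation. Patterns and the 255-byte limit are assumptions.
// Free-text fields (names, address) cannot be pattern-restricted enough to
// stop markup, which is why output encoding below is the actual fix.
function validate_borrower(array $input): array
{
    $errors = [];
    foreach (BORROWER_FIELDS as $field) {
        $value = trim((string)($input[$field] ?? ''));
        if (strlen($value) > 255) {
            $errors[$field] = 'too long';
        } elseif ($field === 'email'
                  && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'invalid email';
        } elseif ($field === 'contact_no'
                  && !preg_match('/^\+?[0-9 -]{7,20}$/', $value)) {
            $errors[$field] = 'invalid contact number';
        } elseif ($field === 'tax_id'
                  && !preg_match('/^[A-Za-z0-9-]{1,30}$/', $value)) {
            $errors[$field] = 'invalid tax id';
        }
    }
    return $errors;
}

// Render one borrower row. Every field is encoded at output time, so a value
// already stored in the database is shown as text instead of parsed as markup.
function render_borrower_row(array $row): string
{
    $cells = '';
    foreach (BORROWER_FIELDS as $field) {
        $cells .= '<td>' . e((string)($row[$field] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed sample: the advisory's payload submitted in every field.
$sample = array_fill_keys(BORROWER_FIELDS, '<script>alert(1)</script>');
print_r(validate_borrower($sample));       // email, contact_no, tax_id rejected
echo render_borrower_row($sample), PHP_EOL; // angle brackets emitted as entities
```

The name and address fields pass validation with the payload intact, so encoding must be applied wherever borrower data is written into a page, including rows saved before the fix.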