Loan Management System 1.0 Cross Site Scripting

`# Exploit Title: Loan Management System - Stored XSS on several parameters  
# Date: 28/07/2022  
# Exploit Author: saitamang  
# Vendor Homepage: sourcecodester  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip  
# Version: 1.0  
# Tested on: Centos 7 apache2 + MySQL  
  
There are several functions and parameter affected as below:  
  
addUser.php  
- firstname  
- lastname  
  
save_ltype.php  
- ltype_name  
- ltype_desc  
  
save_borrower.php  
- firstname  
- middlename  
- lastname  
- address  
  
The payload use to inject is "/><svg/onload=alert(document.cookie)>  
`