Vulners
Lucene search
📄 Computer Laboratory Management System 1.0 Cross Site Scripting
# Stored Cross-Site Scripting (XSS) in Computer Laboratory Management System v1.0
## Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System v1.0. The application fails to properly sanitize user-supplied input in the **First Name** and **Last Name** fields of the user profile functionality. An authenticated attacker can inject malicious JavaScript code that is permanently stored by the application and executed whenever the affected profile information is rendered.
Successful exploitation of this vulnerability may allow attackers to execute arbitrary JavaScript in the context of a victim's browser, potentially leading to session hijacking, account takeover, credential theft, and unauthorized actions.
## Vulnerability Details
* Product Name: Computer Laboratory Management System
* Version: 1.0
* Vulnerability Type: Stored Cross-Site Scripting (Stored XSS)
* CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
## Affected Component
* My Account Profile Management
* First Name Parameter
* Last Name Parameter
## Steps to Reproduce
1. Log in to the application using valid administrative credentials.
2. Navigate to the **My Account** page.
3. Click on **Edit Profile** or update the account details.
4. Insert the following payload into the **First Name** field:
<script>alert(document.domain)</script>
5. Insert the following payload into the **Last Name** field:
<script>alert(document.cookie)</script>
6. Save the profile changes.
7. Refresh the page or revisit the profile section where the user information is displayed.
8. Observe that the injected JavaScript payload executes in the browser.
9. The payload remains stored within the application and is executed each time the affected profile data is rendered, confirming the presence of a Stored Cross-Site Scripting (Stored XSS) vulnerability.
## Impact
An attacker can store arbitrary JavaScript code within the application. When the malicious content is viewed, the script executes in the victim's browser context, potentially resulting in:
* Session Hijacking
* Cookie Theft
* Credential Theft
* Account Takeover
* Privilege Escalation
* Unauthorized Actions Performed on Behalf of Victims
* Phishing Attacks
* Defacement of Application Content
## Remediation
* Implement strict server-side input validation.
* Apply context-aware output encoding before rendering user-supplied data.
* Utilize a strong Content Security Policy (CSP).
* Sanitize all user-controlled input fields.
* Avoid rendering raw HTML or JavaScript supplied by users.
## References
* CWE-79: Cross-Site Scripting (XSS)
* OWASP Cross-Site Scripting Prevention Cheat Sheet
## Credits
Discovered and Reported by: Subodh Sharma
## Vendor
Computer Laboratory Management System v1.0Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Jun 2026 00:00Current
4.9Medium risk
Vulners AI Score4.9