Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
69c15061f1341d5b67f0075fcd3b91a2
# Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS
# Date: 4/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
# Version: 1.0
# Tested on: linux / Lamp
Click on add payment once logged in. Put <script>alert(1)</script> and so on in all parameters. You will notice popup once you navigate to payments.