Hostel Management System version 2.1 suffers from a cross site scripting vulnerability.
64f609e473a38b980fd3073277aeb2c0
# Exploit Title: Hostel Management System 2.1 - Cross Site Scripting (XSS)
# Date: 26/12/2021
# Exploit Author: Chinmay Vishwas Divekar
# Vendor Homepage: https://phpgurukul.com/hostel-management-system/
# Software Link: https://phpgurukul.com/hostel-management-system/
# Version: V 2.1
# Tested on: PopOS_20.10
*Steps to reproduce*
1) Open book-hostel page using following url https://localhost/hostel/book-hostel.php
2) Enter xss payload <img src=x onerror=alert(String.fromCharCode(88,83,83));> on various input fields.
3) Server Accepted our Payload in input fileds.
Affected input fields: Correspondence Address, Guardian Relation, Permanent Address