XSS Attack Vulnerability in LaguController
1. Vulnerability:
In LaguController.php there is no input validation.
$title = $formData["title"];
$release_date = $formData["release_date"];
$singer_name = $formData["singer_name"];
$genre = $formData["genre"];
2. Exploit
Name your song like this:
<script>alert('XSS Attack!');</script>
3. Fix
When displayed in an HTML document, the special characters <, >, and ' are replaced with their HTML entities (&lt;, &gt;, and &#039;, respectively). This ensures that the input is not interpreted as HTML or script tags when rendered in the browser, thus preventing potential security vulnerabilities.
&lt;script&gt;alert(&#039;XSS Attack!&#039;);&lt;/script&gt;
Edited by Octave Duvivier
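The fix described above, sketched as an added example that is not the project's own code: it assumes the encoding is done with PHP's htmlspecialchars() at output time, and the helper e(), the functions renderSongUnsafe() and renderSongSafe(), the list markup and the sample values other than the title are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the four fields LaguController.php reads from $formData.
$formData = [
    'title'        => "<script>alert('XSS Attack!');</script>",
    'release_date' => '2023-11-01',
    'singer_name'  => 'Example "Singer" & Co',
    'genre'        => 'pop',
];

/** Hypothetical helper: encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Before: values are concatenated into markup as-is, so the title runs as script. */
function renderSongUnsafe(array $song): string
{
    return '<li title="' . $song['singer_name'] . '">' . $song['title'] . '</li>';
}

/** After: every field is encoded at output time, in text and in the attribute. */
function renderSongSafe(array $song): string
{
    return sprintf(
        '<li title="%s">%s (%s, %s)</li>',
        e($song['singer_name']),
        e($song['title']),
        e($song['release_date']),
        e($song['genre'])
    );
}

echo renderSongUnsafe($formData), PHP_EOL;
echo renderSongSafe($formData), PHP_EOL;
```

Encoding at render time, for every field and not only the title, keeps the stored data unchanged and covers the double quote in an attribute value as well as the three characters listed above.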