XSS Attack Vulnerability in LaguController

1. Vulnerability:

In LaguController.php there is no input validation.

        $title = $formData["title"];
        $release_date = $formData["release_date"];
        $singer_name = $formData["singer_name"];
        $genre = $formData["genre"];

2. Exploit

Name your song like this:

<script>alert('XSS Attack!');</script>

3. Fix

0b6daef5

When displayed in an HTML document, the special characters <, >, and ' are replaced with their HTML entities (&lt;, &gt;, and the single-quote entity, respectively). This ensures that the input is not interpreted as HTML or script tags when rendered in the browser, thus preventing potential security vulnerabilities.

&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;

Edited by Octave Duvivier
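
The escaping described under "3. Fix", shown next to the unescaped rendering, as an added example (not the project's code and not the content of commit 0b6daef5). The helper names e(), renderRowUnsafe(), renderRowSafe() and validateSong(), the `<li>` markup and the sample values other than the title payload are assumptions; only the four field names come from the issue.

```php
<?php
declare(strict_types=1);

// Constructed sample input using the field names from the issue.
$formData = [
    'title'        => "<script>alert('XSS Attack!');</script>",
    'release_date' => '2023-11-05',
    'singer_name'  => 'O\'Neil "Live"',
    'genre'        => 'pop',
];

// Hypothetical helper: escape for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: stored values are concatenated into markup as-is.
function renderRowUnsafe(array $song): string
{
    return '<li title="' . $song['singer_name'] . '">' . $song['title'] . '</li>';
}

// Hardened rendering: every dynamic value is escaped at output time.
function renderRowSafe(array $song): string
{
    return '<li title="' . e($song['singer_name']) . '">' . e($song['title']) . '</li>';
}

// Hypothetical input check: reject values that cannot be valid for a field.
function validateSong(array $d): array
{
    $errors = [];
    foreach (['title', 'singer_name', 'genre'] as $field) {
        $value = trim((string) ($d[$field] ?? ''));
        if ($value === '' || strlen($value) > 255) {
            $errors[] = "$field: 1-255 bytes required";
        }
    }
    $raw  = (string) ($d['release_date'] ?? '');
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects rolled-over dates such as 2023-02-30.
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        $errors[] = 'release_date: expected YYYY-MM-DD';
    }
    return $errors;
}

echo renderRowUnsafe($formData), PHP_EOL, renderRowSafe($formData), PHP_EOL;
var_dump(validateSong($formData));
```

The script-tag title is a syntactically valid string and passes validateSong(), which is why escaping at output time is the control that stops the payload from executing; the validation only narrows what gets stored.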