CVE-2023-23025 is assigned
Link: https://www.sourcecodester.com/php-codeigniter-hotel-management-system-source-code
This project contains 22 XSS vulnerabilities.
User input is saved to the database and later printed in the view files without sanitization (stored XSS).
For example,
// In application/controllers/restaurant.php
$restaurantName = $this->input->post("restaurantName");
$restaurantOpenTime = $this->input->post("restaurantOpenTime");
$restaurantCloseTime = $this->input->post("restaurantCloseTime");
$restaurantDetails = $this->input->post("restaurantDetails");
$tableCount = $this->input->post("tableCount");
$this->restaurant_m->addRestaurant($restaurantName, $restaurantOpenTime, $restaurantCloseTime, $restaurantDetails, $tableCount);
// In application/views/restaurant/edit.php
<input type="text" id="restaurantName" name="restaurantName" required value="<?=$restaurant->restaurant_name?>" placeholder="Restaurant Name"/>
<textarea type="text" id="restaurantDetails" name="restaurantDetails" required placeholder="restaurant Details">
<?=$restaurant->restaurant_details?>
</textarea>
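As an added example (not code from the Hotel Management System project), the snippet below reproduces the pattern above in plain PHP: the controller stores whatever was posted, and edit.php echoes it back with `<?= ... ?>` into an attribute and a textarea. Escaping the database-sourced values at the point of output is the fix; function names and the sample row are constructed for illustration and are not from the page.

```php
<?php
// Added example, not code from the project. It contrasts the unescaped
// output used in application/views/restaurant/edit.php with the same markup
// rendered through an HTML escaper. Function names below are constructed.

declare(strict_types=1);

/**
 * Escape a value for use in an HTML attribute or element body.
 * CodeIgniter 3 ships the equivalent html_escape() helper.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Mirrors what edit.php does today: raw database values dropped into markup. */
function renderEditFormUnsafe(array $restaurant): string
{
    return '<input type="text" id="restaurantName" name="restaurantName" required value="'
        . $restaurant['restaurant_name'] . '" placeholder="Restaurant Name"/>' . "\n"
        . '<textarea id="restaurantDetails" name="restaurantDetails" required placeholder="restaurant Details">'
        . $restaurant['restaurant_details'] . '</textarea>';
}

/** Same markup, with every database-sourced value escaped at output time. */
function renderEditFormSafe(array $restaurant): string
{
    return '<input type="text" id="restaurantName" name="restaurantName" required value="'
        . escapeHtml($restaurant['restaurant_name']) . '" placeholder="Restaurant Name"/>' . "\n"
        . '<textarea id="restaurantDetails" name="restaurantDetails" required placeholder="restaurant Details">'
        . escapeHtml($restaurant['restaurant_details']) . '</textarea>';
}

// Constructed row standing in for what restaurant_m->addRestaurant() saved.
// The first value closes the value="" attribute, the second closes the
// <textarea> element; both leave the following tag interpreted as HTML.
$storedRow = [
    'restaurant_name'    => '"><script>/* constructed */</script>',
    'restaurant_details' => '</textarea><script>/* constructed */</script>',
];

echo "--- unsafe (current view) ---\n", renderEditFormUnsafe($storedRow), "\n\n";
echo "--- escaped ---\n", renderEditFormSafe($storedRow), "\n";

// Sanity check: the escaped rendering contains no literal <script> tag,
// the unescaped one does.
if (strpos(renderEditFormSafe($storedRow), '<script>') !== false) {
    throw new RuntimeException('escaped output still contains a script tag');
}
if (strpos(renderEditFormUnsafe($storedRow), '<script>') === false) {
    throw new RuntimeException('unsafe rendering did not reproduce the sink');
}
echo "\ncheck passed: escaping neutralises both sinks\n";
```

Escaping belongs at the output side: the same `restaurant_name` may be rendered in an attribute on one page and in element text on another, and only the template knows the context. CodeIgniter 3's `$this->input->post($key, TRUE)` runs its `xss_clean` filter on input, but that is a lossy blacklist and does not replace escaping in the view.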