CVE-2023-23023 is assigned
Link: https://www.sourcecodester.com/php-ci-laundry-management-system-source-code
163 XSS vulnerabilities in this project.
The sources will be saved from the database, then they will pass to the view files.
For example,
// In application/controllers/Karyawan.php
$karyawan_id = $this->input->post('karyawan_id');
$nama_karyawan = $this->input->post('nama_karyawan');
$jeniskelamin = $this->input->post('jeniskelamin');
$alamat = $this->input->post('alamat');
$no_hp = $this->input->post('no_hp');
$gaji_perbulan = $this->input->post('gaji_perbulan');
$tgl_bergabung = $this->input->post('tgl_bergabung');
$tgl_berhenti = $this->input->post('tgl_berhenti');
$data = array(
'karyawan_id' => $karyawan_id,
'nama_karyawan' => $nama_karyawan,
'jeniskelamin' => $jeniskelamin,
'alamat' => $alamat,
'no_hp' => $no_hp,
'gaji_perbulan' => $gaji_perbulan,
'tgl_bergabung' => $tgl_bergabung,
'tgl_berhenti' => $tgl_berhenti,
'aktif' => $aktif
);
$action = $this->data_karyawan->insert_data($data,'karyawan');
// In application/views/laporan/laporan_karyawan.php
<td><?php echo $karyawan->karyawan_id ?></td>
<td><?php echo $karyawan->nama_karyawan.' ' ?><sup>(<?php echo substr($karyawan->jeniskelamin, 0, 1) ?>)</sup></td>
<td><?php echo $karyawan->alamat ?></td>
<td><?php echo $karyawan->no_hp ?></td>
<td>$<?php echo $karyawan->gaji_perbulan ?></td>
<td><?php echo $karyawan->tgl_bergabung ?></td>
<td><?php if ($karyawan->tgl_berhenti == '0000-00-00') { echo '-'; } else { echo $karyawan->tgl_berhenti; } ?></td>