@enferas
Last active January 21, 2023 12:12
XSS in employees-payroll

CVE-2023-23022 is assigned

Link: https://www.sourcecodester.com/php/15430/employees-payroll-management-system-php-using-codeigniter-4-free-source-code.html

59 second-order (stored) XSS vulnerabilities.

For example,

In file ci4_payroll\app\Controllers\Main.php, the fields code, title, from_date and to_date are pulled out of $this->request->getPost() with extract(), so the raw POST values become local variables and are written to the database without any sanitization.

public function payroll_edit($id=''){
    if($this->request->getMethod() == 'post'){
        // extract() turns every submitted POST field into a local variable
        extract($this->request->getPost());
        $udata= [];
        // user-controlled values are stored as-is
        $udata['code'] = $code;
        $udata['title'] = $title;
        $udata['from_date'] = $from_date;
        $udata['to_date'] = $to_date;
        //...
        $this->payroll_model->where('id',$id)->set($udata)->update();
        //...
    }
    $this->data['page_title']="Edit Payroll";
    // the stored record is read back and handed to the view
    $this->data['payroll'] = $this->payroll_model->where("id ='{$id}'")->first();
    return view('pages/payrolls/edit', $this->data);
}

The stored values are then written into the value attributes of the edit form without escaping, in file ci4_payroll\app\Views\pages\payrolls\edit.php:

<div class="mb-3">
<label for="code" class="control-label">Code</label>
<input type="text" class="form-control rounded-0" id="code" name="code" autofocus placeholder="Payroll Code" value="<?= isset($payroll['code']) ? $payroll['code'] : '' ?>" required="required">
</div>
<div class="mb-3">
<label for="title" class="control-label">Title</label>
<input type="text" class="form-control rounded-0" id="title" name="title" placeholder="Payroll Title" value="<?= isset($payroll['title']) ? $payroll['title'] : '' ?>" required="required">
</div>
<div class="mb-3">
<label for="from_date" class="control-label">Date From</label>
<input type="date" class="form-control rounded-0" id="from_date" name="from_date" value="<?= isset($payroll['from_date']) ? $payroll['from_date'] : '' ?>" required="required">
</div>
<div class="mb-3">
<label for="to_date" class="control-label">Date To</label>
<input type="date" class="form-control rounded-0" id="to_date" name="to_date" value="<?= isset($payroll['to_date']) ? $payroll['to_date'] : '' ?>" required="required">
</div>

23 first-order (reflected) XSS vulnerabilities.

For example:

In file ci4_payroll\app\Controllers\Main.php the request object is passed to every view through $this->data, and the views echo POST parameters from it directly:

public function __construct(){
    //...
    // the request object is handed to every view via $this->data
    $this->data = ['session' => $this->session,'request'=>$this->request];
}
public function user_add(){
    //...
    return view('pages/users/add', $this->data);
}
// In pages/users/add.php: the submitted 'name' is echoed back without escaping
<?= !empty($request->getPost('name')) ? $request->getPost('name') : '' ?>
public function department_add(){
    //...
    return view('pages/departments/add', $this->data);
}
// In pages/departments/add.php: the same pattern for 'code'
<?= !empty($request->getPost('code')) ? $request->getPost('code') : '' ?>
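The fix for both the stored and the reflected cases above is the same: encode every value at the point it is written into HTML. As an added illustration that is not code from the gist or the payroll project, the stand-alone PHP script below renders a payroll field the way the views do and beside it with attribute encoding; the helper names render_unescaped, render_escaped and stays_in_attribute are hypothetical, and the sample record is constructed.

```php
<?php
// Added example, not code from the gist or the payroll project: a stand-in
// for the view lines above that writes a payroll field into an <input>
// value attribute, first as the views do it and then with output escaping.
// In CodeIgniter 4 the escaped form is esc($value); htmlspecialchars() is
// used here so the script runs without the framework (php example.php).

// Constructed sample record, as if read back by payroll_edit() after the
// raw POST values were stored. The quote and '>' break out of the attribute.
$payroll = ['code' => 'PR-01"><b>injected</b>', 'title' => 'January'];

// Mirrors the vulnerable view: the value is interpolated verbatim.
function render_unescaped(array $row, string $field): string
{
    $value = isset($row[$field]) ? $row[$field] : '';
    return '<input type="text" name="' . $field . '" value="' . $value . '">';
}

// Hardened form: HTML-encode quotes and angle brackets before interpolation.
// CI4 equivalent inside the view: esc($payroll['code'] ?? '')
function render_escaped(array $row, string $field): string
{
    $value = htmlspecialchars($row[$field] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="' . $field . '" value="' . $value . '">';
}

// Check usable in a unit test: exactly one tag (the <input>) and exactly the
// six quotes of its three attributes, so the value stayed inside value="".
function stays_in_attribute(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '"') === 6;
}

$raw  = render_unescaped($payroll, 'code');
$safe = render_escaped($payroll, 'code');
echo "Unescaped: ", $raw, PHP_EOL;
echo "Escaped:   ", $safe, PHP_EOL;
echo "Unescaped stays in attribute? ", var_export(stays_in_attribute($raw), true), PHP_EOL;
echo "Escaped stays in attribute?   ", var_export(stays_in_attribute($safe), true), PHP_EOL;
```

The same encoding applies to the reflected cases: esc($request->getPost('name')) instead of echoing the POST value directly.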