Product: Garage Management System
Vendor: https://www.sourcecodester.com/users/mayurik
Affected Version(s): 1.0
CVE ID: CVE-2022-36637
Description: Garage Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the "brand_name" parameter at /brand.php.
Vulnerability Type: Cross-Site Scripting
Root Cause: User input in the "brand_name" parameter of /brand.php is not sanitized.
Impact: An attacker can hijack an authenticated user's session and act on that user's behalf.
PoC: 1. After authenticating, an attacker can set the value of the "brand_name" parameter to <script>alert(document.cookie)</script> via a POST request.
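
Remediation sketch (added example, not code from Garage Management System or its vendor): the fix for the root cause above is to validate "brand_name" when it is written and HTML-encode it wherever it is rendered. The function names and the allow-list policy below are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the application's own code.

/** Validate a brand name before it is stored. Returns null when rejected. */
function validate_brand_name(string $raw): ?string
{
    $name = trim($raw);
    // Assumed policy: letters, digits, spaces and a little punctuation, 1-64 chars.
    // Rejecting is safer than trying to strip markup out of the value.
    if (!preg_match('/^[\p{L}\p{N} .,&\'\-]{1,64}$/u', $name)) {
        return null;
    }
    return $name;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one brand row; every stored field is encoded on output. */
function render_brand_row(int $id, string $brandName): string
{
    return sprintf('<tr><td>%d</td><td>%s</td></tr>', $id, h($brandName));
}

// Constructed input: the payload quoted in the PoC line of this advisory.
$payload = '<script>alert(document.cookie)</script>';

// 1) Write path: the payload is rejected, an ordinary name is accepted.
var_dump(validate_brand_name($payload));
var_dump(validate_brand_name('Toyota'));

// 2) Read path: a row stored before the fix is rendered as inert text,
//    because < > " ' & are emitted as HTML entities.
echo render_brand_row(7, $payload), PHP_EOL;
```

Output encoding is the control that closes the stored XSS, since rows saved before the fix may already contain markup. Marking the session cookie HttpOnly limits the document.cookie exposure shown in the PoC but does not remove the injection.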