Online Book Shop Using PHP has a Cross-Site Scripting (XSS) vulnerability via the $subcatnm parameter in /booklist.php.
https://code-projects.org/online-book-shop-using-php-source-code/
/booklist.php - $subcatnm parameter.
The /booklist.php file contains an unrestricted Cross-Site Scripting (XSS) vulnerability that allows injection attacks through the $subcatnm parameter. The code echoes the user-supplied parameter without validation. Attackers can leverage this vulnerability to access sensitive client information.
Path: /booklist.php?subcatid=1&subcatnm=<img/src/onerror=alert(1)>
<div id="content">
<div class="post">
<h1 class="title"><?php echo $_GET['subcatnm'];?></h1>
<div class="entry">
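The heading above with output encoding applied, shown next to the original echo for comparison. This is an added example, not code from the project; the function names e(), render_title_original() and render_title_encoded() and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not project code). Function names are hypothetical.

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** The heading as booklist.php builds it: the parameter goes out verbatim. */
function render_title_original(array $query): string
{
    return '<h1 class="title">' . $query['subcatnm'] . '</h1>';
}

/** The same heading with the parameter treated as text, not markup. */
function render_title_encoded(array $query): string
{
    // Accept only a string: ?subcatnm[]=x arrives as an array and would
    // otherwise raise a notice and print "Array".
    $name = $query['subcatnm'] ?? '';
    if (!is_string($name)) {
        $name = '';
    }
    return '<h1 class="title">' . e($name) . '</h1>';
}

// Constructed sample requests: a normal category name and the value
// from the Path line above.
$samples = [
    ['subcatid' => '1', 'subcatnm' => 'Science Fiction'],
    ['subcatid' => '1', 'subcatnm' => '<img/src/onerror=alert(1)>'],
];

foreach ($samples as $query) {
    echo 'original: ', render_title_original($query), PHP_EOL;
    echo 'encoded:  ', render_title_encoded($query), PHP_EOL;
}
```

In the page itself the change is the single echo: pass $_GET['subcatnm'] through the encoding helper before it is written into the h1 element.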