CVE-2020-28071

Name of the Vulnerable Software and Affected Versions SourceCodester Alumni Management System version 1.0

Description The issue concerns cross-site scripting (XSS) in the /admin/gallery.php endpoint. After admin authentication, an attacker can upload an image to the gallery using a XSS payload in the about textarea, leading to a stored XSS. This allows the attacker to potentially execute malicious scripts on the system.

Recommendations For SourceCodester Alumni Management System version 1.0, consider disabling the about textarea in the /admin/gallery.php endpoint until a patch is available to prevent the upload of malicious XSS payloads. Restrict access to the /admin/gallery.php endpoint to minimize the risk of exploitation. Avoid using the about textarea in the affected endpoint until the issue is resolved.