https://code-projects.org/online-exam-mastering-system-php/
In vendor_management.php there are unrestricted cross-site scripting (XSS) and injection vulnerabilities in admin-dashboard-in-php. The controllable parameter is the nome parameter. The code places this user-supplied parameter into an echo statement without any restriction. A malicious attacker can exploit this vulnerability to obtain sensitive information from clients.
The data is stored in the database and then queried and echoed out directly without filtering, which results in the execution of XSS statements.
Just type <script>alert(1)</script> in username
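
The unfiltered echo described above next to an output-encoded version, as an added example that is not code from the project. The function names and the row layout are hypothetical, the stored value is the payload quoted in this report, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample: a row as it could come back from the database after
// the value quoted in this report was saved in the "nome" column.
$storedRow = ['id' => 7, 'nome' => '<script>alert(1)</script>'];

// Pattern described in the report: the stored value is concatenated into
// the HTML response with no output encoding (hypothetical function).
function renderRowUnsafe(array $row): string
{
    return '<td>' . $row['nome'] . '</td>';
}

// Encode for the HTML context at output time. ENT_QUOTES also encodes
// ' and " so the value stays inert inside attribute values, and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(mixed $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened counterpart of renderRowUnsafe (hypothetical function).
function renderRowSafe(array $row): string
{
    return '<td>' . e($row['nome']) . '</td>';
}

$unsafe = renderRowUnsafe($storedRow);
$safe   = renderRowSafe($storedRow);

// Self-check: the unsafe renderer emits a live script element, the
// hardened renderer emits only character references.
if (!str_contains($unsafe, '<script>')) {
    throw new RuntimeException('unsafe renderer did not reproduce the issue');
}
if ($safe !== '<td>&lt;script&gt;alert(1)&lt;/script&gt;</td>') {
    throw new RuntimeException('output encoding did not neutralise the markup');
}

echo $safe, PHP_EOL;
```

Encoding at output time covers values already stored in the database, which filtering new input alone would not.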