# admin-dashboard-in-php has a Cross-Site Scripting vulnerability in vendor_management.php
## supplier
https://code-projects.org/online-exam-mastering-system-php/
## describe
vendor_management.php in admin-dashboard-in-php is open to unrestricted cross-site scripting and injection attacks. The controllable parameter is `nome`. The function passes this user-supplied parameter into an echo statement without restriction. Malicious attackers can exploit this vulnerability to obtain sensitive information from clients.
## Code analysis


Data is stored in and queried from the database directly, then echoed out without any filtering, which results in the execution of XSS statements.
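The pattern described above, as an added example (not the project's own code): a value stored under `nome` is echoed back into the page, first verbatim and then encoded with `htmlspecialchars()` at output time. The row data, function names and HTML layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed rows standing in for a database result set. The 'nome' key
// mirrors the parameter named in the report; everything else is assumed.
$rows = [
    ['id' => 1, 'nome' => 'Acme Supplies'],
    ['id' => 2, 'nome' => 'O\'Brien & Sons "Ltd"'],       // legitimate name with special characters
    ['id' => 3, 'nome' => '<script>alert(1)</script>'],   // payload quoted in the report
];

// Vulnerable pattern: the stored value is concatenated into the markup as-is,
// so the browser parses it as HTML in both element and attribute context.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['nome'] . '</td>'
         . '<td><input name="nome" value="' . $row['nome'] . '"></td></tr>';
}

// Output encoding helper. ENT_QUOTES covers single and double quotes so the
// value is safe inside quoted attributes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode at the point of output, every time the value
// reaches HTML, regardless of what was validated when it was stored.
function render_row_safe(array $row): string
{
    $nome = e($row['nome']);
    return '<tr><td>' . $nome . '</td>'
         . '<td><input name="nome" value="' . $nome . '"></td></tr>';
}

// Print both renderings side by side for comparison.
foreach ($rows as $row) {
    echo 'unsafe: ', render_row_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_row_safe($row), PHP_EOL, PHP_EOL;
}
```

Encoding on output leaves the stored data unchanged, so legitimate names containing quotes or ampersands still display correctly while markup in the value is rendered as text.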
## payload
Just type `<script>alert(1)</script>` in username
## result
