
Reflected XSS in "labour.tn.gov.in"

http://labour.tn.gov.in/overview.php?mode=



Issue Description

Cross-Site Scripting (XSS)

Summary: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.

Severity: High

Payload: %3C/script%3E%3Cscript%3Ealert(%27RXSS%20by%20Satya%20(0xKayala)%27)%3C/script%3E%27%22%3E%3C41707

Complexity: Easy

From: Remote / External

Impact: An adversary can carry out an XSS attack and can also take the cookie of the Admin and log in through the Admin account. XSS can also impact a business's reputation. Also, an adversary can manage to log in through any other user's account with valid session cookies. An attacker can deface a corporate website by altering its content, thereby damaging the company's image or spreading misinformation. A hacker can also change the instructions given to users who visit the target website, misdirecting their behavior.

XSS Vulnerable Param: https://labour.tn.gov.in/overview.php?mode=%3C/script%3E%3Cscript%3Ealert(%27RXSS%20by%20Satya%20(0xKayala)%27)%3C/script%3E%27%22%3E%3C41707

Prevention and Recommendations:
1. Sanitizing Inputs
2. Use HTTPOnly cookie flag
3. Implement Content Security Policy
4. X-XSS-Protection Header

References:
1. https://www.acunetix.com/websitesecurity/cross-site-scripting/
2. https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
3. https://portswigger.net/web-security/cross-site-scripting
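An added example, not part of the original report and not the site's source code: one way the first three recommendations could be applied to a PHP page that reflects a `mode` query parameter. It assumes PHP 8 and that the value is written into both HTML and an inline script block; the allow-list values and the default are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not the site's source. ALLOWED_MODES and 'about' are hypothetical.
// Assumed vulnerable pattern (request value concatenated into a script block):
//   echo "<script>var mode = '" . $_GET['mode'] . "';</script>";

const ALLOWED_MODES = ['about', 'acts', 'schemes'];

// Validation: accept only known values; anything else becomes a fixed default.
function safe_mode(mixed $raw): string
{
    return is_string($raw) && in_array($raw, ALLOWED_MODES, true) ? $raw : 'about';
}

// Output encoding for HTML text and attribute contexts.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Output encoding for an inline <script> context: the HEX flags emit <, >, &,
// ' and " as \uXXXX escapes, so the value cannot close the script element.
function js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

function render(array $query, string $nonce): string
{
    $mode = safe_mode($query['mode'] ?? null);
    return '<h1>Overview: ' . html($mode) . "</h1>\n"
        . '<script nonce="' . html($nonce) . '">var mode = ' . js($mode) . ";</script>\n";
}

$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI === 'cli') {
    // Constructed input for an offline run: markup characters never reach output raw.
    echo render(['mode' => '</script><b>constructed</b>'], $nonce);
    echo html('</script><b>'), "\n", js('</script><b>'), "\n";
} else {
    // Recommendations 2 and 3: HttpOnly session cookie and a nonce-based CSP.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
    header("Content-Security-Policy: default-src 'self'; script-src 'nonce-$nonce'; "
        . "object-src 'none'; base-uri 'none'");
    echo render($_GET, $nonce);
}
```

The allow-list and the context-specific encoders each stop the reflection on their own; the cookie flag and CSP limit what a script could do if another injection point were missed.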


Event ID: 2175

Total Points: 3
Browser Version: 119.0.0
Operating System: Windows
OS Version: 10
Added On: Nov. 10, 2023, 8:50 a.m.
Bug Type: Security
Submitted: Independently