XSS vulnerabilities
// The four calls below are excerpts from separate admin controllers. Each one
// concatenates a raw $_POST field into the text handed to message(); no
// validation or encoding is visible at any of these call sites.
// NOTE(review): message() itself is not shown on this page. Presumably it stores
// the text in $_SESSION['message'], which check_message() in include/session.php
// echoes into the page. Confirm against the source.
// Encoding belongs at the point of output (HTML-encode where the message is
// rendered); each field should also be validated for expected length and characters.

// admin/category/controller.php doEdit Function
message("[". $_POST['CATEGORY'] ."] has been updated!", "success");

// admin/orders/controller.php doInsert Function
message("New [". $_POST['PRODUCTNAME'] ."] created successfully!", "success");

// admin/user/controller.php doInsert Function
message("New [". $_POST['U_NAME'] ."] created successfully!", "success");

// admin/user/controller.php doEdit Function
message("[". $_POST['U_NAME'] ."] has been updated!", "success");
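// In the file include/session.php
/**
 * Renders the pending message held in $_SESSION['message'] as an alert label.
 *
 * The text is HTML-encoded at the point of output. In the reported code the
 * session value was concatenated into the markup as-is:
 *     echo '<label ...>'. $_SESSION['message'] . '</label>';
 * so any markup contained in the message text was emitted into the page
 * unencoded. This echo is the output sink for the XSS issue.
 *
 * NOTE(review): if some caller deliberately stores HTML in the message, it will
 * now be displayed as literal text; such a caller needs a separate, explicitly
 * trusted rendering path. Confirm against the callers.
 */
function check_message(){
    // some code

    // Encode for the HTML body context: ENT_QUOTES covers both quote styles,
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of yielding an empty string.
    // The (string) cast keeps a null message rendering as empty text, as the
    // original concatenation did.
    $safeMessage = htmlspecialchars((string) $_SESSION['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<label class="alert alert-info" style="width:100%;padding:5px;">'. $safeMessage . '</label>';

    // some code
}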