## https://sploitus.com/exploit?id=PACKETSTORM:165457
# Exploit Title: Hostel Management System 2.1 - Cross Site Scripting (XSS)  
# Date: 26/12/2021  
# Exploit Author: Chinmay Vishwas Divekar  
# Vendor Homepage: https://phpgurukul.com/hostel-management-system/  
# Software Link: https://phpgurukul.com/hostel-management-system/  
# Version: V 2.1  
# Tested on: PopOS_20.10  
  
*Steps to reproduce*  
  
1) Open the book-hostel page using the following URL: https://localhost/hostel/book-hostel.php  
2) Enter the XSS payload <img src=x onerror=alert(String.fromCharCode(88,83,83));> in various input fields.  
3) The server accepted our payload in the input fields.  
  
Affected input fields: Correspondence Address, Guardian Relation, Permanent Address
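
The fix for this class of bug is to encode the three affected fields at the point where they are written into HTML. The following is an added example, not code from the original advisory or from PHPGurukul; the array keys and function names are hypothetical stand-ins for the application's own.

```php
<?php
// Added example, not PHPGurukul's code. The keys below are hypothetical
// names for the three inputs the advisory lists as affected.
const AFFECTED_FIELDS = ['corres_address', 'guardian_relation', 'permanent_address'];

// Encode for an HTML text or quoted-attribute context. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the submitted value is concatenated into markup as-is.
function render_unsafe(array $booking): string
{
    $out = '';
    foreach (AFFECTED_FIELDS as $field) {
        $out .= '<td>' . ($booking[$field] ?? '') . "</td>\n";
    }
    return $out;
}

// Hardened pattern: every value is encoded where it is output.
function render_safe(array $booking): string
{
    $out = '';
    foreach (AFFECTED_FIELDS as $field) {
        $out .= '<td>' . h((string)($booking[$field] ?? '')) . "</td>\n";
    }
    return $out;
}

// Constructed sample record using the payload from step 2.
$payload = '<img src=x onerror=alert(String.fromCharCode(88,83,83));>';
$booking = [
    'corres_address'    => $payload,
    'guardian_relation' => 'Father',
    'permanent_address' => '12 Example Road',
];

echo "--- unsafe ---\n", render_unsafe($booking);
echo "--- safe ---\n", render_safe($booking);

// User data must not contribute a raw tag opener to the safe output.
assert(strpos(render_safe($booking), '<img') === false);
assert(strpos(render_safe($booking), '&lt;img src=x') !== false);
```

`htmlspecialchars` is only correct for HTML text and quoted attribute values; values placed inside a script block, a URL, or CSS need the encoder for that context.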