Stored XSS Vulnerability.
Description: Malicious JavaScript can be input in the 'name' parameter on the accountSetting.php page.
Vulnerable code on accountSetting.php line 23:
if ($con->query("update users SET name='$_POST[name]',number='$_POST[number]' where id='$_SESSION[userId]'")) {
Remediation:
Sanitize the input that is provided by the user in the 'name' parameter.
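One way to apply this remediation, as an added example that is not the project's own code: the update from line 23 rewritten with input validation and bound parameters, plus HTML encoding where the stored name is rendered. It assumes PDO with an in-memory SQLite database as a stand-in for the application's $con, and the helper names updateAccount() and h() and the 100-byte limit are hypothetical.

```php
<?php
// Added example, not the project's code. An in-memory SQLite database via PDO
// stands in for the application's $con connection (assumption).
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, number TEXT)");
$con->exec("INSERT INTO users (id, name, number) VALUES (1, 'alice', '555-0100')");

// Hypothetical helper: validate the profile fields, then store them.
function updateAccount(PDO $con, int $userId, string $name, string $number): bool
{
    $name = trim($name);
    // Reject empty or over-long names and names containing control characters.
    if ($name === '' || strlen($name) > 100 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return false;
    }
    // Bound parameters keep request values out of the SQL text.
    $stmt = $con->prepare('UPDATE users SET name = :name, number = :number WHERE id = :id');
    return $stmt->execute([':name' => $name, ':number' => $number, ':id' => $userId]);
}

// Hypothetical helper: encode a value for an HTML text or attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request values and session id.
$_POST = ['name' => '<script>alert(1)</script>', 'number' => '555-0101'];
$_SESSION = ['userId' => 1];

updateAccount($con, (int) $_SESSION['userId'], (string) $_POST['name'], (string) $_POST['number']);

$stmt = $con->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => (int) $_SESSION['userId']]);
$stored = (string) $stmt->fetchColumn();

// The stored value is unchanged; encoding happens at the point of output,
// so the browser displays the markup as text instead of executing it.
echo '<p>Name: ' . h($stored) . "</p>\n";
```

Every page that prints the stored name needs the same encoding step, since the value in the database is kept as the user typed it.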