Loan Management System 1.0 Cross Site Scripting

# Exploit Title: Loan Management System - Stored XSS on several parameters# Date: 28/07/2022# Exploit Author: saitamang# Vendor Homepage: sourcecodester# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip# Version: 1.0# Tested on: Centos 7 apache2 + MySQLThere are several functions and parameter affected as below:addUser.php- firstname- lastnamesave_ltype.php- ltype_name- ltype_descsave_borrower.php- firstname- middlename- lastname- addressThe payload use to inject is "/><svg/onload=alert(document.cookie)>