Vulnerability Description:
- The Student Manager system has a stored XSS vulnerability in the leave management module. When a low-privilege user submits a malicious payload and an administrator views it, the administrator's account may be compromised.

Vulnerability Analysis:
- The method in the file lacks input filtering for user-supplied content, leading to the XSS vulnerability.

Proof of Concept:
1. Log in as a student account.
2. In the leave management section, add a new leave request and insert the payload in the "Reason for Leave" field.
3. Log in as an administrator account ( ).
4. Navigate to the leave management module and view the leave application from the student account.
5. The XSS payload triggers successfully.
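
The report does not name the affected method or the project's language, so the following is an added illustration in Python, not the project's own code: it renders stored "Reason for Leave" text into an administrator view once without encoding and once with output encoding, and checks which renderer lets markup through. The record layout, function names and sample values are hypothetical and constructed for this example.

```python
import html

# Constructed sample records standing in for stored leave requests (not from the report).
LEAVE_REQUESTS = [
    {"student": "alice", "reason": "Medical appointment"},
    {"student": "bob", "reason": "<script>/* constructed marker */</script>"},
    {"student": "carol", "reason": '" data-injected="1'},
]

def render_row_unsafe(req):
    # Pattern the report describes: stored text is concatenated into the page as-is.
    return '<tr><td>{student}</td><td title="{reason}">{reason}</td></tr>'.format(**req)

def render_row_safe(req):
    # Encode at output time. quote=True also escapes " and ', which the
    # attribute context (title="...") needs in addition to < > &.
    student = html.escape(req["student"], quote=True)
    reason = html.escape(req["reason"], quote=True)
    return f'<tr><td>{student}</td><td title="{reason}">{reason}</td></tr>'

def render_admin_view(rows, renderer):
    return "<table>" + "".join(renderer(r) for r in rows) + "</table>"

def audit(rows, renderer):
    """Return the students whose reason reaches the page with markup intact."""
    flagged = []
    for req in rows:
        raw = req["reason"]
        has_meta = any(ch in raw for ch in "<>\"'&")
        if has_meta and raw in renderer(req):
            flagged.append(req["student"])
    return flagged

if __name__ == "__main__":
    print("unsafe renderer leaks:", audit(LEAVE_REQUESTS, render_row_unsafe))
    print("safe renderer leaks:  ", audit(LEAVE_REQUESTS, render_row_safe))
```
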