
Aftab Shaikh

Researcher deCryptex
#43031 of 53,633
6.1 total CVSS
Vulnerabilities · 1
PT-2023-25457
6.1
2023-08-03
Unknown · Sourcecodester Toll Tax Management System · CVE-2023-36158
**Name of the Vulnerable Software and Affected Versions**

Sourcecodester Toll Tax Management System version 1.0

**Description**

The issue allows remote attackers to run arbitrary code via the `First Name` and `Last Name` fields on the "My Account" page. This is a Cross Site Scripting (XSS) issue, which means an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions.

**Recommendations**

For Sourcecodester Toll Tax Management System version 1.0, consider validating and sanitizing user input for the `First Name` and `Last Name` fields to prevent malicious code injection. As a temporary workaround, restrict access to the "My Account" page until a proper fix is implemented.