Jiaqi Yang

**Name of the Vulnerable Software and Affected Versions** SourceCodester Friendly Island Pizza Website and Ordering System version 1.0 **Description** A problematic vulnerability was found in the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the `transactioncode` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `cashconfirm.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `transactioncode` argument in the affected POST Parameter Handler to minimize the risk of exploitation.