Sunyucheng

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Mobile Comparison Website version 1.0 **Description** A vulnerability has been found in the processing of the file classes/Master.php?f=save field, specifically with the `Field Name` argument, which leads to cross-site scripting. The attack can be initiated remotely. The issue is related to insufficient protection of the webpage structure when handling the `Field Name` argument, allowing an attacker to perform cross-site scripting attacks by sending specially crafted requests. **Recommendations** For version 1.0, consider disabling the `classes/Master.php?f=save field` endpoint until a patch is available to prevent exploitation. Restrict access to the `Field Name` argument in the affected endpoint to minimize the risk of cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.