Wengao

**Name of the Vulnerable Software and Affected Versions** SourceCodester Life Insurance Management System version 1.0 **Description** A vulnerability was found in the file insertNominee.php of the component POST Parameter Handler. The manipulation of the `nominee id` argument leads to cross site scripting. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the `insertNominee.php` file or restricting access to the POST Parameter Handler component until a patch is available. Avoid using the `nominee id` argument in the affected API endpoint until the issue is resolved.