CVE-2023-2671

Name of the Vulnerable Software and Affected Versions SourceCodester Lost and Found Information System version 1.0

Description A problematic issue affects the Contact Form component, specifically the file classes/Master.php?f=save inquiry. The manipulation of the fullname, contact, or message arguments leads to cross-site scripting. This issue can be initiated remotely.

Recommendations For SourceCodester Lost and Found Information System version 1.0, consider disabling the Contact Form component until a patch is available. Restrict access to the classes/Master.php file to minimize the risk of exploitation. Avoid using the fullname, contact, and message arguments in the affected API endpoint until the issue is resolved.