Unknown · Sourcecodester Toll Tax Management System · CVE-2023-36158
**Name of the Vulnerable Software and Affected Versions**
Sourcecodester Toll Tax Management System version 1.0
**Description**
The issue allows remote attackers to run arbitrary code via the `First Name` and `Last Name` fields on the "My Account" page. This is a cross-site scripting (XSS) issue: an attacker can inject malicious scripts into the website, and those scripts then execute in a user's browser, potentially leading to unauthorized actions.
**Recommendations**
For Sourcecodester Toll Tax Management System version 1.0, consider validating and sanitizing user input for the `First Name` and `Last Name` fields to prevent malicious code injection. As a temporary workaround, restrict access to the "My Account" page until a proper fix is implemented.
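
An added example, not code from the application or from this advisory: a Python sketch of the recommendation above, pairing allow-list validation of the two name fields with HTML encoding at output. The application's own code is not shown here, so the length limit, the character policy, the function names and the markup are all assumptions.

```python
import html
import unicodedata

# Assumed policy: letters of any script, combining marks, spaces, hyphens,
# apostrophes and periods, 1 to 50 characters. Adjust to the application.
MAX_NAME_LEN = 50
_ALLOWED_PUNCT = {" ", "-", "'", "."}


def validate_name(raw: str) -> str:
    """Input validation: return the normalized name or raise ValueError."""
    name = unicodedata.normalize("NFC", raw).strip()
    if not 1 <= len(name) <= MAX_NAME_LEN:
        raise ValueError("name length out of range")
    for ch in name:
        cat = unicodedata.category(ch)
        if not (cat.startswith(("L", "M")) or ch in _ALLOWED_PUNCT):
            raise ValueError(f"character not allowed: {ch!r}")
    return name


def render_account_unsafe(first: str, last: str) -> str:
    """Flawed pattern (hypothetical markup): values placed in HTML unencoded."""
    return f'<input name="first_name" value="{first}"><span>{last}</span>'


def render_account_safe(first: str, last: str) -> str:
    """Output encoding: escape on render, even for values that passed validation."""
    first_e = html.escape(first, quote=True)  # also escapes " and '
    last_e = html.escape(last, quote=True)
    return f'<input name="first_name" value="{first_e}"><span>{last_e}</span>'


# Constructed sample inputs: three legitimate names and one markup probe.
SAMPLES = ["Anne-Marie", "O'Brien", "José", '"><script>alert(1)</script>']

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print("accepted:", validate_name(sample))
        except ValueError as exc:
            print("rejected:", exc)
        print("rendered:", render_account_safe(sample, sample))
```

Validation alone is not sufficient, because a legitimate name such as `O'Brien` contains a character that is significant in an HTML attribute; encoding at output covers that case and any record stored before validation was introduced.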