Ak0F711

**Name of the Vulnerable Software and Affected Versions** ZeroWdd studentmanager version 1.0 **Description** The issue allows a remote attacker to execute arbitrary code via the `username` parameter in the student list function. This is a Cross Site Scripting vulnerability. **Recommendations** For ZeroWdd studentmanager version 1.0, avoid using the `username` parameter in the student list function until the issue is resolved. As a temporary workaround, consider restricting access to the student list function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.