Black-Scorp10

**Name of the Vulnerable Software and Affected Versions** online diagnostic lab management system using php version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to execute arbitrary code via the `Test Name` parameter on the "diagnostic/add-test.php" component. This can potentially lead to the execution of malicious scripts. **Recommendations** For online diagnostic lab management system using php version 1.0, consider disabling the `Test Name` parameter in the "diagnostic/add-test.php" component until a patch is available. Restrict access to the diagnostic/add-test.php component to minimize the risk of exploitation. Avoid using the `Test Name` parameter in the affected component until the issue is resolved.