Unknown · Zerowdd Studentmanager · CVE-2026-2201
**Name of the Vulnerable Software and Affected Versions**
ZeroWdd studentmanager versions prior to 2151560fc0a50ec00426785ec1e01a3763b380d9
**Description**
A security issue exists in ZeroWdd studentmanager. The `addLeave` function in `src/main/java/com/wdd/studentmanager/controller/LeaveController.java` is susceptible to cross-site scripting (XSS) through manipulation of the `Reason for Leave` argument. The attack can be initiated remotely, and the exploit has been publicly disclosed. The product employs a rolling release model, so specific version details for updates are unavailable. The project's code repository is no longer actively maintained.
**Recommendations**
As a temporary workaround, consider disabling the `addLeave()` function until a fix is available.
Sanitize the `Reason for Leave` input to prevent the injection of malicious scripts.
Restrict access to the `LeaveController.java` file to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
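One way to carry out the "sanitize the `Reason for Leave` input" recommendation is to validate the text on input and HTML-encode it on output. The following is an added example, not code from the studentmanager repository: the class name `LeaveReasonEncoder`, its methods, and the 500-character limit are assumptions made for illustration, and the sample inputs are constructed.

```java
import java.util.List;

// Added example: hypothetical helper, not code from the studentmanager repository.
public class LeaveReasonEncoder {
    // Assumed limit for illustration; the project's real field size is not on the page.
    static final int MAX_LENGTH = 500;

    /** Input validation: reject missing or oversized text, drop control characters. */
    static String validate(String reason) {
        if (reason == null || reason.trim().isEmpty()) {
            throw new IllegalArgumentException("reason is required");
        }
        StringBuilder out = new StringBuilder();
        reason.trim().codePoints()
              .filter(cp -> !Character.isISOControl(cp) || cp == '\n')
              .forEach(out::appendCodePoint);
        if (out.length() > MAX_LENGTH) {
            throw new IllegalArgumentException("reason exceeds " + MAX_LENGTH + " characters");
        }
        return out.toString();
    }

    /** Output encoding for an HTML element body or a quoted attribute value. */
    static String encodeForHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (char c : text.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        List<String> samples = List.of(
            "Medical appointment & follow-up",
            "<script>alert(1)</script>",
            "Doctor's note says \"rest\"");
        for (String s : samples) {
            System.out.println(encodeForHtml(validate(s)));
        }
    }
}
```

Apply the encoding at the point where the stored reason is written into a page, so that values already in the database are covered as well as new submissions.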