Itsourcecode · Itsourcecode Alton Management System · CVE-2024-48415
**Name of the Vulnerable Software and Affected Versions**
itsourcecode Loan Management System version 1.0
**Description**
The issue is a Cross-Site Scripting (XSS) vulnerability: a crafted payload submitted in the `lastname`, `firstname`, `middlename`, `address`, `contact no`, `email`, or `tax id` parameters of the new borrowers functionality on the Borrowers page can lead to malicious script execution.
**Recommendations**
For itsourcecode Loan Management System version 1.0, consider restricting the input accepted by the `lastname`, `firstname`, `middlename`, `address`, `contact no`, `email`, and `tax id` parameters in the new borrowers functionality to prevent XSS attacks. Avoid using these parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
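
One way to apply the input restriction recommended above, shown as an added example in Python (it is not the vendor's code, and the page does not show the application's source). The field names are the advisory's; the allowlist patterns, length limits, function names and sample records are assumptions. Because legitimate values such as `O'Brien` contain characters that matter in HTML, the example also encodes every value when it is rendered.

```python
import html
import re

# Field names are the advisory's; patterns and length limits are assumptions.
NAME = re.compile(r"[^\W\d_]+(?:[ '\-][^\W\d_]+)*")  # letters, single separators
FIELD_RULES = {
    "lastname": (NAME, 50),
    "firstname": (NAME, 50),
    "middlename": (NAME, 50),
    "address": (re.compile(r"[\w .,#'/\-]+"), 120),
    "contact no": (re.compile(r"\+?[0-9][0-9 \-]{6,19}"), 21),
    "email": (re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}"), 100),
    "tax id": (re.compile(r"[0-9][0-9\-]{3,19}"), 20),
}

def validate_borrower(form):
    """Return (clean, errors); a field is accepted only if it fully matches its rule."""
    clean, errors = {}, {}
    for field, (pattern, max_len) in FIELD_RULES.items():
        value = (form.get(field) or "").strip()
        if not value:
            errors[field] = "missing"
        elif len(value) > max_len:
            errors[field] = "too long"
        elif not pattern.fullmatch(value):
            errors[field] = "disallowed characters"
        else:
            clean[field] = value
    return clean, errors

def render_borrower_row(record):
    """Encode every value at output time, whatever validation did on the way in."""
    cells = "".join(
        f"<td>{html.escape(str(record.get(f, '')), quote=True)}</td>"
        for f in FIELD_RULES)
    return f"<tr>{cells}</tr>"

# Constructed sample submissions (not taken from the application).
SAMPLE_OK = {
    "lastname": "O'Brien", "firstname": "Maria", "middlename": "Jose",
    "address": "12 Main St., Unit #4", "contact no": "+63 912 345 6789",
    "email": "maria@example.com", "tax id": "123-456-789",
}
SAMPLE_MARKUP = dict(SAMPLE_OK, lastname="<b>Smith</b>")

if __name__ == "__main__":
    print(validate_borrower(SAMPLE_MARKUP)[1])  # the rejected field and the reason
    print(render_borrower_row(SAMPLE_OK))       # apostrophe is entity-encoded
```

Records stored before validation was introduced are only covered by the output encoding in `render_borrower_row`, so that step should not be skipped even once input is restricted.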