Kislay Kumar

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page.

**Name of the Vulnerable Software and Affected Versions** Xeroneit Library Management System version 3.1 **Description** A stored cross-site scripting issue exists in the Book Category feature. This allows administrators to inject malicious scripts by inserting a payload into the `Category Name` field, which executes arbitrary JavaScript code when the page is loaded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.