Mayank-S16

**Name of the Vulnerable Software and Affected Versions** Simple Bakery Shop Management System version 1.0 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Username` or `Full Name` fields in the `/bsms/?page=manage account` API endpoint. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system. **Recommendations** For Simple Bakery Shop Management System version 1.0, consider validating and sanitizing user input for the `Username` and `Full Name` fields to prevent malicious payload injection. As a temporary workaround, restrict access to the `/bsms/?page=manage account` endpoint until a proper fix is applied.