Atsms · Atsms · CVE-2025-57145
**Name of the Vulnerable Software and Affected Versions**
ATSMS web application (affected versions not specified)
**Description**
A cross-site scripting (XSS) issue exists in the `search-autootaxi.php` endpoint of the ATSMS web application. The application does not properly sanitize user input submitted through a form field, enabling an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This can allow attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions within the victim’s browser.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
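Because the payload is stored and runs when the report page is rendered, the place to neutralise it is the point of output. The sketch below is an added example, not ATSMS source code: the helper `h()`, the render functions and the `search_term` field are hypothetical names, and the sample record is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a stored value for HTML text or a quoted attribute.
function h(?string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Pattern the advisory describes: stored input concatenated into markup unchanged.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['search_term'] . '</td></tr>';
}

// Hardened form: the same stored data, encoded where it is written into HTML.
function render_row_safe(array $row): string
{
    return '<tr><td>' . h($row['search_term'] ?? null) . '</td></tr>';
}

// Defence in depth against the impact the advisory lists (cookie theft, session hijack).
function send_hardening_headers(): void
{
    // Keep the session cookie out of reach of script; call before session_start().
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    // Refuse inline script so a value that slips through unencoded does not execute.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
}

// Constructed sample record: inert markup standing in for a stored value.
$row = ['search_term' => '<i>stored</i> "quoted" & \'single\''];

if (PHP_SAPI !== 'cli') {
    send_hardening_headers();
}
echo render_row_unsafe($row), PHP_EOL; // markup reaches the browser as markup
echo render_row_safe($row), PHP_EOL;   // markup is displayed as literal text
```

A policy without `'unsafe-inline'` breaks pages that depend on inline scripts, so it is usually trialled with `Content-Security-Policy-Report-Only` first.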