Sylvester Nyamururu

#47156 of 53,633
5.4 Total CVSS
Vulnerabilities · 1
PT-2021-16797
5.4
2021-07-23
Unknown · Online Doctor Appointment System · CVE-2021-25791
**Name of the Vulnerable Software and Affected Versions**

Online Doctor Appointment System version 1.0

**Description**

The issue concerns stored cross-site scripting (XSS) vulnerabilities in the "Update Profile" module. Authenticated attackers can execute arbitrary web scripts or HTML via crafted payloads in the `First Name`, `Last Name`, and `Address` text fields.

**Recommendations**

For Online Doctor Appointment System version 1.0, consider validating and sanitizing user input in the `First Name`, `Last Name`, and `Address` fields to prevent the execution of malicious scripts. As a temporary workaround, restrict access to the "Update Profile" module until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.