CVE-2021-40261

Name of the Vulnerable Software and Affected Versions SourceCodester CASAP Automated Enrollment System version 1.0

Description Multiple Cross Site Scripting (XSS) vulnerabilities exist in the system via various parameters in different PHP files, including user username and category in "save class.php", firstname, class, and status in "student table.php", category and class name in "add class1.php", fname, mname, lname, address, class, gfname, gmname, glname, rship, status, transport, and route in "add student.php" and "save stud.php", and others in "add user.php", "users.php", "save user.php", and "table name".

Recommendations As a temporary workaround, consider disabling the vulnerable parameters until a patch is available. Restrict access to the affected PHP files to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.