CVE-2022-26295

Name of the Vulnerable Software and Affected Versions Online Project Time Management System version 1.0

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field in the "/ptms/?page=user" API endpoint.

Recommendations For Online Project Time Management System version 1.0, consider disabling the user name field in the "/ptms/?page=user" endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary web script execution. Avoid using the user name field in the affected API endpoint until the issue is resolved.