CVE-2022-29005

Name of the Vulnerable Software and Affected Versions Online Birth Certificate System version 1.2

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters in the /obcs/user/profile.php component. This enables the execution of malicious code on the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations For Online Birth Certificate System version 1.2, consider validating and sanitizing user input for the fname and lname parameters to prevent malicious code injection. As a temporary workaround, restrict access to the /obcs/user/profile.php component until a patch is available. Avoid using the fname and lname parameters in the affected component until the issue is resolved.