CVE-2022-30462

Name of the Vulnerable Software and Affected Versions Water-billing-management-system version 1.0

Description The issue is related to Cross Site Scripting (XSS) that can be exploited via the /wbms/classes/Users.php API endpoint, specifically when the firstname variable is used with the f=save parameter. This allows for malicious scripts to be injected into the system.

Recommendations For Water-billing-management-system version 1.0, as a temporary workaround, consider restricting access to the /wbms/classes/Users.php endpoint or disabling the firstname variable in the f=save context until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.