CVE-2022-30837

Name of the Vulnerable Software and Affected Versions Toll-tax-management-system version 1.0

Description The issue concerns a Cross Site Scripting (XSS) vulnerability. It can be exploited via the API endpoint "/ttms/classes/Master.php" with the parameter f set to "save recipient" and the vehicle name variable.

Recommendations For Toll-tax-management-system version 1.0, as a temporary workaround, consider restricting access to the "/ttms/classes/Master.php" endpoint with the f parameter set to "save recipient" until a patch is available. Avoid using the vehicle name variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.