CVE-2022-30839

Name of the Vulnerable Software and Affected Versions Room-rent-portal-site version 1.0

Description The issue is related to Cross Site Scripting (XSS) via the API endpoint "/rrps/classes/Master.php" with parameters f set to "save category" and vehicle name. This allows for potential malicious script execution.

Recommendations For Room-rent-portal-site version 1.0, as a temporary workaround, consider restricting access to the "/rrps/classes/Master.php" endpoint with the f parameter set to "save category" and the vehicle name parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.