CVE-2022-31914

Name of the Vulnerable Software and Affected Versions Zoo Management System version 1.0

Description The issue is related to Cross Site Scripting (XSS) in the Zoo Management System. The vulnerability can be exploited via the "zms/admin/public html/save animal?an id=24" API endpoint, specifically through the an id variable. This allows for malicious script execution.

Recommendations For Zoo Management System version 1.0, as a temporary workaround, consider restricting access to the "zms/admin/public html/save animal" API endpoint until a patch is available. Avoid using the an id variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.