CVE-2022-32987

Name of the Vulnerable Software and Affected Versions Simple Bakery Shop Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields in the /bsms/?page=manage account API endpoint. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations For Simple Bakery Shop Management System version 1.0, consider validating and sanitizing user input for the Username and Full Name fields to prevent malicious payload injection. As a temporary workaround, restrict access to the /bsms/?page=manage account endpoint until a proper fix is applied.