PT-2022-23896 · Unknown · Crime Reporting System

Published: 2022-09-06 · Updated: 2022-09-09 · CVE-2022-37253

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Crime Reporting System version 1.0

Description: The issue allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter, enabling persistent cross-site scripting (XSS) attacks.

Recommendations: For Crime Reporting System version 1.0, as a temporary workaround, consider sanitizing the POST parameter to prevent the introduction of malicious JavaScript code. Restrict access to the affected module to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-37253

Affected Products: Crime Reporting System