CVE-2022-45224

Name of the Vulnerable Software and Affected Versions Web-Based Student Clearance System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter in the Admin/add-admin.php file. This enables the execution of malicious code, potentially leading to unauthorized access or data manipulation.

Recommendations For Web-Based Student Clearance System version 1.0, consider disabling the txtfullname parameter in the Admin/add-admin.php file until a patch is available to prevent exploitation. Restrict access to the Admin/add-admin.php file to minimize the risk of arbitrary web script or HTML execution.