CVE-2022-1102

Name of the Vulnerable Software and Affected Versions SourceCodester Royale Event Management System version 1.0

Description A problematic issue has been found in the system, affecting an unknown function of the file /royal event/companyprofile.php. The manipulation of the companyname, regno, companyaddress, or companyemail arguments leads to cross-site scripting. It is possible to launch the attack remotely.

Recommendations For SourceCodester Royale Event Management System version 1.0, consider disabling the affected function in the /royal event/companyprofile.php file until a patch is available. Restrict access to the companyprofile.php file to minimize the risk of exploitation. Avoid using the companyname, regno, companyaddress, or companyemail arguments in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.