CVE-2023-1447

Name of the Vulnerable Software and Affected Versions SourceCodester Medicine Tracker System version 1.0

Description A problematic issue has been found in the system, affecting some unknown functionality of the file "app/?page=medicines/manage medicine". The manipulation of the name/description argument with the input <script>alert('2')</script> leads to cross-site scripting. The attack can be launched remotely.

Recommendations For SourceCodester Medicine Tracker System version 1.0, as a temporary workaround, consider restricting access to the "app/?page=medicines/manage medicine" endpoint to minimize the risk of exploitation. Avoid using the name/description argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.