CVE-2023-36159

Name of the Vulnerable Software and Affected Versions sourcecodester Lost and Found Information System version 1.0

Description The issue allows remote attackers to run arbitrary code via the First Name, Middle Name, and Last Name fields on the "Create User" page. This is a Cross Site Scripting (XSS) issue, which means an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations For sourcecodester Lost and Found Information System version 1.0, consider validating and sanitizing user input for the First Name, Middle Name, and Last Name fields to prevent malicious code injection. As a temporary workaround, restrict access to the Create User page until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.