CVE-2024-10198

Name of the Vulnerable Software and Affected Versions code-projects Pharmacy Management System version 1.0

Description A vulnerability was found in the Pharmacy Management System, affecting an unknown functionality of the file /manage customer.php of the component Manage Customer Page. The manipulation of the argument suppliers name/address leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Recommendations For version 1.0, consider disabling the suppliers name/address argument in the /manage customer.php file until a patch is available. Restrict access to the Manage Customer Page to minimize the risk of exploitation. Avoid using the suppliers name/address parameter in the affected API endpoint until the issue is resolved.