CVE-2024-45986

Name of the Vulnerable Software and Affected Versions Projectworld Online Voting System version 1.0

Description A stored Cross-Site Scripting (XSS) issue was identified that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account information is accessed.

Recommendations For Projectworld Online Voting System version 1.0, consider disabling the registration of new accounts until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the voter.php and profile.php pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.