PT-2024-31988 · Sourcecodester · Sourcecodester Prison Management System

Yylm · Published 2024-05-08 · Updated 2024-06-04 · CVE-2024-4644

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0

Description: A cross-site scripting vulnerability has been found in the /Employee/changepassword.php file. Manipulation of the txtold password, txtnew password, and txtconfirm password arguments leads to cross-site scripting. The attack can be initiated remotely.

Recommendations: For SourceCodester Prison Management System version 1.0, as a temporary workaround, consider restricting access to the /Employee/changepassword.php file until a patch is available. Avoid passing the txtold password, txtnew password, and txtconfirm password arguments to the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
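As an added example (not code from the Sourcecodester project, whose changepassword.php source the advisory does not show), the pattern that typically produces this class of finding in a form handler and its hardened form. The field name, the re-rendering of the submitted value, and the helper names are assumptions for illustration.

```php
<?php
// Added example, not the project's code. The advisory names the file and the
// parameters only, so the vulnerable pattern below (a form that echoes a
// submitted value back into an input attribute unescaped) is assumed.
declare(strict_types=1);

// Encode a value for placement inside HTML text or a double-quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the submitted value is concatenated straight into the
// markup, so a value containing a quote or angle bracket changes the page
// structure instead of staying a literal string.
function render_field_vulnerable(string $name, string $value): string
{
    return '<input type="password" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: every dynamic part is HTML-encoded at the point of output.
// For a password field there is also no reason to echo the submitted value at
// all; the safest change is to drop the value attribute entirely.
function render_field_hardened(string $name, string $value): string
{
    return '<input type="password" name="' . h($name) . '" value="' . h($value) . '">';
}

// Defence in depth for the whole page: a Content-Security-Policy that forbids
// inline script limits the impact of any injection the encoding misses.
// Call before any output is sent.
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
}

// Constructed sample input with the characters that matter for attribute
// context. Run from the CLI and compare the two renderings.
$sample = 'a"b<c>';
echo render_field_vulnerable('field', $sample), PHP_EOL;
echo render_field_hardened('field', $sample), PHP_EOL;
```

The same encoding rule applies to any error or status message that repeats what the user typed; a grep for `echo`/`print` of `$_POST`, `$_GET`, or `$_REQUEST` values without `htmlspecialchars` is a quick way to locate the remaining sinks in a file like this.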

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-4644

Affected Products

Sourcecodester Prison Management System