CVE-2024-48415

Name of the Vulnerable Software and Affected Versions itsourcecode Loan Management System version 1.0

Description The issue is related to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact no, email, and tax id parameters in the new borrowers functionality on the Borrowers page. This allows for potential malicious script execution.

Recommendations For itsourcecode Loan Management System version 1.0, consider restricting input to the lastname, firstname, middlename, address, contact no, email, and tax id parameters in the new borrowers functionality to prevent XSS attacks. Avoid using these parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.