CVE-2024-7644

Name of the Vulnerable Software and Affected Versions SourceCodester Leads Manager Tool version 1.0

Description A problematic issue has been found, affecting the /endpoint/add-leads.php file of the Add Leads Handler component. The manipulation of the leads name and phone number arguments leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For SourceCodester Leads Manager Tool version 1.0, as a temporary workaround, consider restricting access to the /endpoint/add-leads.php endpoint until a patch is available. Avoid using the leads name and phone number arguments in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.