PT-2024-38971 · Code Projects · Pharmacy Management System
Vulrep · Published 2024-08-31 · Updated 2024-09-04 · CVE-2024-8366
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
code-projects Pharmacy Management System version 1.0
Description:
A vulnerability was found in the Update My Profile Page component of the Pharmacy Management System. The issue affects an unknown part of the file /index.php?id=userProfileEdit. The manipulation of the arguments fname, lname, or email with malicious input, such as <script>alert(1)</script>, leads to cross-site scripting. This can be initiated remotely.
Recommendations:
For version 1.0, patch the system immediately and validate user input to prevent malicious script injection. As a temporary workaround, consider restricting access to the /index.php?id=userProfileEdit page until a patch is available. Avoid using the arguments fname, lname, or email in the affected page until the issue is resolved.
Fix
XSS
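The input validation recommended above, paired with output encoding, sketched for the three affected arguments. This is an added example, not code from Pharmacy Management System or a vendor fix; the function names validateProfile() and e(), the field rules, and the sample request are assumptions.

```php
<?php
// Added example; field rules and function names are assumptions, not project code.
declare(strict_types=1);

/** Encode a value for an HTML text node or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate fname, lname and email; returns [clean values, errors]. */
function validateProfile(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (['fname', 'lname'] as $field) {
        $raw = $input[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        // Letters, combining marks, space, apostrophe, dot, hyphen; 1-50 chars.
        if (preg_match('/^\p{L}[\p{L}\p{M} \'.\-]{0,49}$/u', $value) === 1) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = 'Name contains characters that are not allowed.';
        }
    }
    $raw = $input['email'] ?? '';
    $email = is_string($raw) ? trim($raw) : '';
    if (strlen($email) <= 254 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $clean['email'] = $email;
    } else {
        $errors['email'] = 'Email address is not valid.';
    }
    return [$clean, $errors];
}

// Constructed sample request; fname carries the payload quoted in the description.
$post = ['fname' => '<script>alert(1)</script>', 'lname' => "O'Neil", 'email' => 'a.oneil@example.com'];
[$clean, $errors] = validateProfile($post);

// Rejected fields are never stored. Accepted ones are still encoded on output,
// because a permitted character such as the apostrophe is significant in HTML.
foreach (['fname', 'lname', 'email'] as $field) {
    if (isset($errors[$field])) {
        echo $field . ': rejected (' . e($errors[$field]) . ")\n";
    } else {
        echo '<input name="' . $field . '" value="' . e($clean[$field]) . "\">\n";
    }
}
```

Validation narrows what is stored, but the encoding step at the point of output is what keeps a stored value from being interpreted as markup, so both belong in the fix.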
Affected Products
Pharmacy Management System