From this webpage screenshot, the following key vulnerability information can be obtained:

1. **Vulnerability ID**: CVE-2024-51031
2. **Description**: A Cross-Site Scripting (XSS) vulnerability exists in the `manage_account.php` file, allowing remote authenticated users to inject arbitrary web scripts via the "First Name", "Middle Name", and "Last Name" fields.
3. **Vulnerability Type**: Cross-Site Scripting (XSS)
4. **Affected Product**: Sourcecodester Cab Management System 1.0
5. **Affected Code Repository**: [https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html](https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html) - Version 1.0
6. **Affected Component**: The "firstname", "middlename", and "lastname" input fields on the `manage_account.php` page.
7. **Attack Vector**:
   1. Set up the application locally and log in using the provided credentials to gain sample client access.
   2. Navigate to the "Manage Account" section by clicking on the personal avatar.
   3. Inject the payload `` into the "First Name", "Middle Name", and "Last Name" fields. Complete the remaining form details and click the "Update Details" button.
   4. After receiving the "Account details successfully updated" message, log in to the admin portal. When accessing the "Registered Clients" page, a pop-up window displaying the admin's cookie will appear, confirming successful execution of a stored XSS attack.
8. **References**:
   - [https://www.sourcecodester.com](https://www.sourcecodester.com)
   - [https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html](https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html)
   - [https://portswigger.net/web-security/cross-site-scripting](https://portswigger.net/web-security/cross-site-scripting)
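
The stored values are saved through one page and rendered on another, so the mitigation has two parts: encode the three name fields where the client list is rendered, and constrain them where they are saved. The following is an added example, not code from Cab Management System or from the advisory; the function names, the row layout and the character allow-list are assumptions.

```php
<?php
declare(strict_types=1);

// Encode a value for an HTML text or quoted-attribute context.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Save-time check (defence in depth, hypothetical helper): accept only
// letters, combining marks, spaces, dot, apostrophe and hyphen, 1-100 chars.
// Returns the trimmed value, or null when the field must be rejected.
function clean_name_field(string $raw, bool $required = true): ?string
{
    $value = trim($raw);
    if ($value === '') {
        return $required ? null : '';
    }
    $pattern = '/\A[\p{L}\p{M}][\p{L}\p{M} .\'-]{0,99}\z/u';
    return preg_match($pattern, $value) === 1 ? $value : null;
}

// Render one row of the admin client listing (hypothetical layout). Every
// stored field is encoded at output, so markup that was saved before the
// save-time check existed is displayed as text instead of being parsed.
function render_client_row(array $row): string
{
    $name = sprintf('%s, %s %s', $row['lastname'], $row['firstname'], $row['middlename']);
    return '<tr><td>' . e(trim($name)) . '</td></tr>';
}

// Constructed sample record: harmless markup stands in for hostile input.
$stored = ['firstname' => '<b>Ann</b>', 'middlename' => '', 'lastname' => "O'Neil"];

// Output path: the angle brackets and the apostrophe come out as entities.
echo render_client_row($stored), PHP_EOL;

// Input path: the same values as they would arrive from the update form.
foreach ($stored as $field => $value) {
    $clean = clean_name_field($value, $field !== 'middlename');
    printf("%-10s %s\n", $field, $clean === null ? 'rejected' : 'accepted');
}
```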