CVE-2024-51032 is a Cross-site Scripting (XSS) vulnerability identified in the manage_recipient.php file of Sourcecodester Toll Tax Management System version 1.0. This vulnerability arises because the application fails to properly sanitize or encode user-supplied input in the 'owner' parameter, allowing remote authenticated users to inject arbitrary JavaScript or HTML code. The vulnerability requires the attacker to have valid credentials (authenticated user) and involves user interaction, such as tricking a user into clicking a crafted link or submitting malicious data. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4, reflecting a medium severity with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This means the attack can be launched remotely over the network with low attack complexity, requires privileges and user interaction, and affects confidentiality and integrity with a scope change. No patches or known exploits have been published yet, indicating that the vulnerability is newly disclosed. The vulnerability could be exploited to execute malicious scripts in the context of authenticated users, potentially leading to session hijacking, theft of sensitive information, or unauthorized actions within the application.

The impact of CVE-2024-51032 primarily affects the confidentiality and integrity of data within the Sourcecodester Toll Tax Management System. Successful exploitation could allow attackers to execute arbitrary scripts, leading to session hijacking, credential theft, or unauthorized modification of data. While availability is not directly impacted, the compromise of user sessions or data integrity could disrupt normal operations and erode trust in the system. Organizations relying on this system for toll tax management could face operational disruptions, financial losses, and reputational damage if attackers leverage this vulnerability. The requirement for authentication and user interaction limits the attack surface but does not eliminate risk, especially in environments with many users or weak access controls. Additionally, the scope change in the CVSS vector indicates that the vulnerability could affect resources beyond the initially vulnerable component, potentially impacting other parts of the application or user data.

To mitigate CVE-2024-51032, organizations should implement strict input validation and output encoding on the 'owner' input field to prevent injection of malicious scripts. Employing a web application firewall (WAF) with rules targeting XSS payloads can provide an additional layer of defense. Restrict user privileges to the minimum necessary to reduce the potential impact of compromised accounts. Conduct regular security training to raise awareness about phishing and social engineering tactics that could facilitate exploitation. Monitor application logs and user activity for signs of suspicious behavior indicative of XSS exploitation attempts. Until an official patch is released, consider isolating the affected system or limiting access to trusted users only. Developers should review the entire codebase for similar input handling issues and adopt secure coding practices such as context-aware output encoding and use of security libraries or frameworks that automatically mitigate XSS risks.