Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote malicious user to execute arbitrary code via the Last Name input field.