Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows malicious users to run arbitrary code via parameters firstname and lastname in /add-user.php.