SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users.