Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote malicious users to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.