Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. The Covid-19 Travel Pass Management System v1.0 version contains a cross-site scripting vulnerability that originates in /ctpms/classes/Users.php?f=save and lacks data validation filters for user-supplied data and output. The vulnerability is caused by a lack of data validation filtering of user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side.