ISAMS is a 100% web-based MIS from ISAMS that can be accessed from anywhere, with multiple third-party integrations into the online learning platform. version 22.2.3.2 of ISAMS contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the title field of its groups, which can be exploited to launch cross-site scripting attack.