D34Dun1C02N

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Task Reminder System version 1.0 **Description** A Reflected Cross-site scripting (XSS) vulnerability allows an authenticated user to inject malicious javascript into the `page` parameter. This issue enables attackers to execute malicious scripts on the client-side, potentially leading to unauthorized actions or data theft. **Recommendations** For Sourcecodester Task Reminder System version 1.0, consider restricting access to the `page` parameter to prevent malicious javascript injection until a patch is available. As a temporary workaround, disabling the ability for authenticated users to modify the `page` parameter may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Medicine Tracker System version 1.0 **Description** A username enumeration issue was discovered in the login functionality, allowing a malicious user to guess a valid username due to a different response time from invalid usernames. When a valid username is entered, the response time increases depending on the length of the supplied password. **Recommendations** For Medicine Tracker System version 1.0, consider implementing a rate-limiting mechanism or a constant response time to prevent username enumeration. Additionally, restrict access to the login functionality to minimize the risk of exploitation.