H4Md153V63N

**Name of the Vulnerable Software and Affected Versions** Intern Record System version 1.0 **Description** The issue is a Cross Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code. This is achieved through the `/intern/controller.php` endpoint, specifically by manipulating the `name` and `email` parameters. **Recommendations** For Intern Record System version 1.0, consider validating and sanitizing user input for the `name` and `email` parameters in the `/intern/controller.php` endpoint to prevent XSS attacks. As a temporary workaround, restrict access to the `/intern/controller.php` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simple Task Managing System version 1.0 **Description** The issue allows attackers to execute arbitrary code and gain sensitive information through a SQL Injection vulnerability in the login.php file, specifically in the `username` and `password` parameters. **Recommendations** For Simple Task Managing System version 1.0, consider disabling the login functionality in login.php until a patch is available, or restrict access to the `username` and `password` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.