Kai Wang

**Name of the Vulnerable Software and Affected Versions** SourceCodester Water Billing System version 1.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the `lastname` text box under the Add Client module. Cross-site scripting (XSS) is a type of security vulnerability that occurs when an attacker is able to inject malicious scripts into a website, which are then executed by the user's browser. **Recommendations** For SourceCodester Water Billing System version 1.0, consider disabling the Add Client module or restricting access to it until a patch is available. As a temporary workaround, avoid using the `lastname` text box in the Add Client module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Loan Management System version 1.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the `Type` parameter under the Edit Loan Types module. **Recommendations** For SourceCodester Loan Management System version 1.0, avoid using the `Type` parameter in the Edit Loan Types module until the issue is resolved. As a temporary workaround, consider restricting access to the Edit Loan Types module to minimize the risk of exploitation.