Mohamed Almarri

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Toll Tax Management System version v1 **Description** The issue is related to SQL Injection, where an attacker can inject malicious SQL code to manipulate the database. This can lead to unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Update to a version that includes a fix for the SQL Injection issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Expense Tracker App version 1 **Description** The issue is related to Cross Site Scripting (XSS) via the `add category` feature. This means an attacker could potentially inject malicious scripts into the application, affecting users who interact with the compromised category. **Recommendations** For Sourcecodester Expense Tracker App version 1, as a temporary workaround, consider disabling the `add category` feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation. Avoid using the `add category` functionality in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.