Samarth Dad

**Name of the Vulnerable Software and Affected Versions** Service Provider Management System version 1.0 **Description** An issue in the system allows a remote attacker to gain privileges via the `ID` parameter in the "/php-spms/admin/?page=user/" endpoint. **Recommendations** For version 1.0, consider disabling access to the "/php-spms/admin/?page=user/" endpoint until a patch is available. Restrict the use of the `ID` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Resort Reservation System version 1.0 **Description** A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the `room`, `name`, and `description` parameters in the `manage room` function. This enables the attacker to potentially access and manipulate sensitive data. **Recommendations** For Resort Reservation System version 1.0, as a temporary workaround, consider disabling the `manage room` function until a patch is available. Restrict access to the parameters `room`, `name`, and `description` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.