0Xbhushan

**Name of the Vulnerable Software and Affected Versions** Society Management System Portal version 1.0 **Description** A stored Cross-Site Scripting (XSS) issue exists in the /admin/edit user.php page. This allows remote attackers to inject and store arbitrary JavaScript code, which is then executed in users' browsers. The issue is exploitable through the `name` parameter in a POST HTTP request. Successful exploitation results in the execution of malicious scripts when affected content is viewed by other users, including administrators. **Recommendations** Update to a newer version of Society Management System Portal to address this vulnerability. As a temporary workaround, sanitize the `name` parameter in the /admin/edit user.php page to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** kashipara Online Service Management Portal version V1.0 **Description** The issue concerns a SQL Injection vulnerability in the /osms/Requester/Requesterchangepass.php endpoint, specifically via the `rPassword` parameter. **Recommendations** For kashipara Online Service Management Portal version V1.0, consider restricting access to the /osms/Requester/Requesterchangepass.php endpoint until a patch is available, and avoid using the `rPassword` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kashipara Online Service Management Portal version V1.0 **Description** The issue is related to SQL Injection in the osms/Requester/CheckStatus.php file via the `checkid` parameter. This allows for potential exploitation. **Recommendations** For kashipara Online Service Management Portal version V1.0, avoid using the `checkid` parameter in the osms/Requester/CheckStatus.php file until the issue is resolved. As a temporary workaround, consider restricting access to the osms/Requester/CheckStatus.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PhpGurukul Medical Card Generation System version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) in the /admin/search-medicalcard.php endpoint via the `searchdata` parameter. This allows for potential malicious script injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For PhpGurukul Medical Card Generation System version 1.0, consider disabling the `searchdata` parameter in the /admin/search-medicalcard.php endpoint until a patch is available. Restrict access to the /admin/search-medicalcard.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.