Abdulaziz Saad

Name of the Vulnerable Software and Affected Versions: Rafed CMS Website version 1.44 Description: A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Rafed CMS Website version 1.44, consider disabling the index.php component until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using crafted payloads in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Discussion Forum Site 1 (affected versions not specified) **Description** An issue in the `delete post()` function allows unauthenticated attackers to arbitrarily delete posts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Discussion Forum Site 1 (affected versions not specified) **Description** The issue allows unauthenticated attackers to arbitrarily create or update user accounts due to a problem in the save users() function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Haraj version 3.7 **Description** A cross-site scripting issue in the ads comment section allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. **Recommendations** For Haraj version 3.7, consider disabling the ads comment section until a patch is available to prevent exploitation. Restrict access to this feature to minimize the risk of arbitrary web script or HTML execution.

**Name of the Vulnerable Software and Affected Versions** Haraj version 3.7 **Description** A reflected cross-site scripting (XSS) issue was found in the User Upgrade Form. This could potentially allow attackers to inject malicious scripts into the website, affecting users who interact with the compromised form. **Recommendations** For Haraj version 3.7, update the User Upgrade Form to properly sanitize user input and prevent XSS attacks. As a temporary workaround, consider restricting access to the User Upgrade Form until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Haraj version 3.7 **Description** A cross-site scripting issue in the DM Section component allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. **Recommendations** For Haraj version 3.7, update to a version that includes a fix for this issue, as no specific workaround is provided in the available information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Haraj version 3.7 **Description** A stored cross-site scripting (XSS) issue was found in the Post Ads component. This allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized actions or data theft. **Recommendations** For Haraj version 3.7, update the Post Ads component to remove the stored XSS vulnerability. As a temporary workaround, consider restricting access to the Post Ads feature until a patch is available. Avoid using the Post Ads component with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** School Dormitory Management System version 1.0 **Description** The issue concerns SQL Injection, which can be exploited via the "reports/daily collection report.php" endpoint. Specifically, the vulnerability is located at line 59 of this file. **Recommendations** For School Dormitory Management System version 1.0, consider disabling access to the "reports/daily collection report.php" endpoint until a patch is available to prevent potential SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** School Dormitory Management System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the "accounts/payment history.php" endpoint, specifically at line 31. **Recommendations** For School Dormitory Management System version 1.0, consider restricting access to the vulnerable endpoint "accounts/payment history.php" to minimize the risk of exploitation. As a temporary workaround, review and modify the code at line 31 to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Dormitory Management System version 1.0 **Description** The issue is related to reflected cross-site scripting (XSS) in the admin/inc/navigation.php file at line 125. This means an attacker could potentially inject malicious scripts into the website, which would then be executed by the user's browser. **Recommendations** For School Dormitory Management System version 1.0, consider disabling access to the admin/inc/navigation.php file until a patch is available to prevent exploitation of the reflected XSS issue.

**Name of the Vulnerable Software and Affected Versions** Home Owners Collection Management version 1 **Description** A reflected cross-site scripting (XSS) issue was found in the Admin panel. The vulnerability is exploited via the `page` parameter in the $ GET request. This allows an attacker to inject malicious scripts into the webpage, potentially leading to unauthorized actions or data theft. **Recommendations** For Home Owners Collection Management version 1, as a temporary workaround, consider restricting access to the Admin panel or sanitizing the `page` parameter in the $ GET request to prevent malicious script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Home Owners Collection Management version 1 **Description** A reflected cross-site scripting (XSS) issue was found in the Admin panel of Home Owners Collection Management. The vulnerability is exploited via the `$ GET['s']` parameter. **Recommendations** For Home Owners Collection Management version 1, as a temporary workaround, consider restricting access to the Admin panel or sanitizing the `$ GET['s']` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.