Abhishek K.A

**Name of the Vulnerable Software and Affected Versions** CodeAstro POS and Inventory Management System version 1.0 **Description** A vulnerability was found in the New Item Creation Page of the system, affecting an unknown functionality of the file /new item. The manipulation of the `new item` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For CodeAstro POS and Inventory Management System version 1.0, consider restricting access to the /new item file of the New Item Creation Page to minimize the risk of exploitation. As a temporary workaround, avoid using the `new item` argument in the affected page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Food Ordering System version 1.0 **Description** A problem was found in the CodeAstro Online Food Ordering System. It affects some unknown functionality of the file dishes.php. The manipulation of the `res id` argument leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For CodeAstro Online Food Ordering System version 1.0, consider restricting access to the dishes.php file until a patch is available. As a temporary workaround, avoid using the `res id` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Simple Banking System version 1.0 **Description** A problematic vulnerability has been found in the CodeAstro Simple Banking System, affecting an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For CodeAstro Simple Banking System version 1.0, consider disabling the createuser.php file or restricting access to the Create a User Page until a patch is available. Avoid using the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.