Acechestnut

**Name of the Vulnerable Software and Affected Versions** code-projects Job Recruitment version 1.0 **Description** A problem was found in the function `cn update` of the file `/ parse/ all edits.php`. The manipulation of the argument `cname` leads to cross site scripting. The attack may be initiated remotely. Other parameters might be affected as well. **Recommendations** For code-projects Job Recruitment version 1.0, as a temporary workaround, consider disabling the `cn update` function until a patch is available. Restrict access to the `/ parse/ all edits.php` file to minimize the risk of exploitation. Avoid using the parameter `cname` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Job Recruitment version 1.0 **Description** A problem has been found in the function `fln update` of the file `/ parse/ all edits.php`. The manipulation of the arguments `fname` and `lname` leads to cross site scripting attacks. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Job Recruitment version 1.0, as a temporary workaround, consider disabling the `fln update` function until a patch is available. Restrict access to the `/ parse/ all edits.php` file to minimize the risk of exploitation. Avoid using the arguments `fname` and `lname` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical vulnerability was found in the function `edit jobpost` of the file `/ parse/ all edits.php`. The manipulation of the argument `jobtype` leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Recommendations: For code-projects Job Recruitment version 1.0, as a temporary workaround, consider disabling the `edit jobpost` function until a patch is available. Restrict access to the ` all edits.php` file to minimize the risk of exploitation. Avoid using the parameter `jobtype` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.