Adeeb Shah

**Name of the Vulnerable Software and Affected Versions** SourceCodester Daily Tracker System version 1.0 **Description** A Cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `fullname` parameter in the "user-profile.php" file. **Recommendations** For SourceCodester Daily Tracker System version 1.0, avoid using the `fullname` parameter in the vulnerable "user-profile.php" file until a fix is available. Consider validating and sanitizing user input to prevent arbitrary script injection.

**Name of the Vulnerable Software and Affected Versions** Stock Management System version 1.0 **Description** A SQL injection issue in the login component allows a remote attacker to execute arbitrary SQL commands via the `username` parameter. **Recommendations** For Stock Management System version 1.0, avoid using the `username` parameter in the login component until the issue is resolved. Consider temporarily restricting access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodetester Daily Tracker System version 1.0 **Description** A SQL injection issue in the login functionality allows an unauthenticated user to bypass authentication using SQL injection via the `email` parameter. **Recommendations** For Sourcecodetester Daily Tracker System version 1.0, consider restricting access to the login functionality until a patch is available, and avoid using the `email` parameter in the affected API endpoint to minimize the risk of exploitation.