Akıner Kisa

**Name of the Vulnerable Software and Affected Versions** WISECP versions prior to 20022026 **Description** Cross-Site Request Forgery (CSRF) allows an attacker to induce a user to perform actions they did not intend to do by tricking their browser into sending a forged request to the application. **Recommendations** Update to a version later than 20022026.

**Name of the Vulnerable Software and Affected Versions** Dayneks Software Industry and Trade Inc. E-Commerce Platform versions through 27022026 **Description** The Dayneks Software Industry and Trade Inc. E-Commerce Platform is affected by an Improper Neutralization of Special Elements used in an SQL Command issue, also known as SQL Injection. This allows for the execution of malicious SQL commands when an attacker inserts unsanitized SQL code into input fields. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions through 27022026 should be updated when a fixed version is available. As a temporary workaround, implement robust input validation and sanitization for all user-supplied data used in SQL queries.

**Name of the Vulnerable Software and Affected Versions** Proliz Software Ltd. OBS (Student Affairs Information System) versions prior to 26.5009 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the execution of malicious scripts within the context of a user's browser. The vulnerability exists in the way the application handles user-supplied data when constructing web pages. The vulnerable component is susceptible to injection of malicious code through crafted input. **Recommendations** Update to version 26.5009 or later.

**Name of the Vulnerable Software and Affected Versions** TalentSoft Software UNIS versions prior to 42321 **Description** A flaw exists in TalentSoft Software UNIS related to the improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This issue could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data modification, or disclosure. **Recommendations** Update TalentSoft Software UNIS to version 42321 or later.

**Name of the Vulnerable Software and Affected Versions** Proliz Software Ltd. Co. OBS (Student Affairs Information System) versions prior to V26.0401 **Description** A flaw exists in Proliz Software Ltd. Co. OBS (Student Affairs Information System) that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Proliz Software Ltd. Co. OBS (Student Affairs Information System) to version V26.0401 or later.

**Name of the Vulnerable Software and Affected Versions** Vizly Web Design Real Estate Packages versions prior to 5.1 **Description** The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, also known as Cross-site Scripting (XSS). This issue allows for Content Spoofing and may lead to Session Hijacking. **Recommendations** Update Vizly Web Design Real Estate Packages to version 5.1 or later.