B0Mk35H

**Name of the Vulnerable Software and Affected Versions** CloudClassroom-PHP-Project version 1.0 **Description** A SQL Injection issue exists in the `takeassessment2.php` file. The `Q4` POST parameter is not properly sanitized before being used in SQL queries. **Recommendations** Ensure proper sanitization of the `Q4` POST parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** Institute-of-Current-Students version 1.0 **Description** A stored Cross-Site Scripting (XSS) vulnerability exists in the `qureydetails.php` page. The input fields for `Query` and `Answer` do not properly sanitize user input, allowing authenticated users to inject arbitrary JavaScript code. **Recommendations** Sanitize user input for the `Query` and `Answer` fields in the `qureydetails.php` page to prevent the injection of malicious scripts.