Boku7

**Name of the Vulnerable Software and Affected Versions** SourceCodester Stock Management System version 1.0 **Description** A Reflected Cross-Site Scripting (XSS) issue in the index.php login-portal webpage allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. **Recommendations** For SourceCodester Stock Management System version 1.0, consider disabling the login functionality in the index.php login-portal webpage until a patch is available, and restrict access to the webpage to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OSWAPP Warehouse Inventory System (aka OSWA-INV) versions prior to 2020-08-10 **Description** A Cross-Site Request Forgery (CSRF) issue allows remote attackers to change the admin's password after an authenticated admin visits a third-party site. This occurs due to a vulnerability in the edit user.php file. **Recommendations** For OSWAPP Warehouse Inventory System (aka OSWA-INV) versions prior to 2020-08-10, consider restricting access to the edit user.php file until a fix is available. As a temporary workaround, restrict the ability to change the admin's password from third-party sites.