Buraksevben

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Food Menu version 1.0 **Description** The issue concerns Cross Site Scripting (XSS) via the `Menu Name` and `Description` fields in the Update Menu section. This allows for potential malicious script injection. **Recommendations** For Sourcecodester Online Food Menu version 1.0, as a temporary workaround, consider restricting input in the `Menu Name` and `Description` fields to minimize the risk of exploitation. Avoid using these fields until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Product Inventory with Export to Excel version 1.0 **Description** The issue concerns cross-site scripting (XSS) attacks. Specifically, the Product Name and Product Code in the 'Add Product' section are vulnerable to such attacks. **Recommendations** For version 1.0, consider validating and sanitizing user input for the `Product Name` and `Product Code` fields to prevent XSS attacks. As a temporary workaround, restrict access to the 'Add Product' section until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Math Game with Leaderboard version 1.0 **Description** The issue concerns a Cross-Site Scripting (XSS) attack vulnerability. Specifically, the 'Your Name' field in the Submit Score section is affected. This type of attack occurs when an application includes user input in its output without proper validation, allowing an attacker to inject malicious scripts into the application. **Recommendations** For version 1.0, consider validating and sanitizing user input in the 'Your Name' field to prevent XSS attacks. As a temporary workaround, restrict user input to only allow expected characters and formats.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Login System with Email Verification version 1.0 **Description** The issue allows SQL Injection via the `user` parameter. This could potentially be exploited to extract or modify sensitive data. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Sourcecodester Login System with Email Verification version 1.0, consider restricting access to the `user` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Daily Habit Tracker App version 1.0 **Description** The issue allows SQL Injection via the parameter `tracker`. **Recommendations** For Sourcecodester Daily Habit Tracker App version 1.0, avoid using the parameter `tracker` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester School Task Manager App version 1.0 **Description** The issue allows SQL Injection via the `task` parameter. This could potentially be exploited to extract or modify sensitive data. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For Sourcecodester School Task Manager App version 1.0, avoid using the `task` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester School Task Manager version 1.0 **Description** The issue is related to a lack of protection against SQL injection attacks. An attacker can exploit this to gain unauthorized access to the application's database through the `subject` parameter in a GET request. This allows for potential data manipulation or extraction. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Sourcecodester School Task Manager version 1.0, as a temporary workaround, consider restricting access to the `subject` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.