Chen1-Boop

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student Clearance System version 1.0 **Description** The application has a flaw in access control. This allows users with limited privileges to create sessions with higher privileges and execute sensitive operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Online Hotel Reservation System version 1.0 **Description** The Simple Online Hotel Reservation System contains a Cross Site Scripting (XSS) issue within the Add Room function. Specifically, entering malicious JavaScript code into the Description field can lead to the leakage of administrator cookie information when viewing room details. The vulnerable function is `Add Room`. **Recommendations** Sanitize user input in the Description field of the Add Room function to prevent the injection of malicious JavaScript code.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Car Rental System version 1.0 **Description** A permission bypass issue exists that allows low privilege users to forge high privilege sessions and perform sensitive operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** The code-projects Client Details System version 1.0 is susceptible to a Cross Site Scripting (XSS) issue. When adding customer information, the system allows malicious JavaScript code to be inserted into the `username` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Scheduling System version 1.0 **Description** The Simple Scheduling System is susceptible to Cross Site Scripting (XSS) through the Subject Description field. This allows for the injection of malicious scripts into the application. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Food Ordering Review System version 1.0 **Description** The Food Ordering Review System is susceptible to a Cross Site Scripting (XSS) issue within the registration function. An attacker can inject malicious JavaScript code as a username. When an administrator views user information, this triggers the XSS, potentially leading to the disclosure of the administrator's cookie information. **Recommendations** As a temporary workaround, consider sanitizing user input within the registration function to prevent the injection of malicious scripts. Restrict the characters allowed in the username field during registration to prevent the entry of JavaScript code. Implement appropriate output encoding when displaying user information to administrators to neutralize any potential XSS payloads.

**Name of the Vulnerable Software and Affected Versions** code-projects Document Management System version 1.0 **Description** The Document Management System contains a Cross Site Scripting (XSS) flaw. An attacker can exploit this issue to leak an administrator's cookie information by injecting malicious XSS code into the Company field during file uploads. **Recommendations** As a temporary workaround, sanitize user input for the Company field to prevent the injection of malicious code.

**Name of the Vulnerable Software and Affected Versions** code-projects Food Ordering Review System version 1.0 **Description** The Food Ordering Review System is susceptible to a Cross Site Scripting (XSS) issue. This issue affects the area where users submit reservation information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Computer Laboratory System version 1.0 **Description** The Computer Laboratory System contains a file upload issue. Staff members can upload malicious files, specifically PHP backdoor files, when modifying their avatar information. This allows for the potential acquisition of server permissions through web shell connection tools. **Recommendations** As a temporary workaround, restrict file uploads when modifying personal avatar information.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** The software contains an Incorrect Access Control issue. This allows users with limited privileges to create sessions with higher privileges, such as those of an administrator. This enables them to perform sensitive actions, including adding new users. **Recommendations** Apply appropriate access controls to prevent low-privileged users from forging high-privileged sessions.