Chuckbartowski7

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** The software is susceptible to SQL Injection in the 'admin/view customer.php' file through the `ID` parameter. This allows for potential unauthorized access or modification of data. **Recommendations** Apply appropriate input validation and sanitization techniques to the `ID` parameter in the 'admin/view customer.php' file.

**Name of the Vulnerable Software and Affected Versions** Configuroweb Sistema Web de Inventario version 1.0 **Description** The software is susceptible to a Stored Cross-Site Scripting (XSS) issue because of insufficient input sanitization. Specifically, the `Nombre:Producto` parameter lacks proper validation, enabling an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript. The affected parameter is the product name. **Recommendations** Apply input sanitization to the `Nombre:Producto` parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Link Status Checker version 1.0 **Description** The application is susceptible to a Cross-Site Scripting (XSS) issue in the 'Enter URLs to check' input field. This allows a remote attacker to execute arbitrary code. The vulnerable parameter is the `URLs` input. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input to the 'Enter URLs to check' field.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** The software is susceptible to Cross Site Scripting (XSS) attacks. The issue occurs in the '/admin/profile.php' component through the `fname` (First Name) and `lname` (Last Name) fields. Successful exploitation could allow an attacker to inject malicious scripts into the web page viewed by other users. **Recommendations** Update to a newer version that contains a fix for this vulnerability. Sanitize the input received from the `fname` and `lname` parameters in the '/admin/profile.php' component.

**Name of the Vulnerable Software and Affected Versions** ProjectWorlds Gym Management System version 1.0 **Description** The software is susceptible to SQL Injection through the `id` parameter in the 'profile/edit.php' page. This allows for potential unauthorized access or modification of data. The affected API endpoint is '/profile/edit.php'. The vulnerable parameter is `id`. **Recommendations** Apply appropriate input validation and sanitization techniques to the `id` parameter in the 'profile/edit.php' page to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Markdown to HTML Converter version 1.0 **Description** The software is susceptible to a Cross-Site Scripting (XSS) issue in the "Markdown Input" field. A remote attacker can inject arbitrary HTML/JavaScript code that will execute in the victim’s browser when the "Convert to HTML" button is clicked. The vulnerable parameter is `Markdown Input`. **Recommendations** Update to a newer version that contains a fix for this vulnerability.