Unknown · Online Reviewer Management System · CVE-2023-25432
**Name of the Vulnerable Software and Affected Versions**
Online Reviewer Management System version 1.0
**Description**
Online Reviewer Management System contains a SQL injection vulnerability in the "reviewer 0/admins/assessments/course/course-update.php" API endpoint. Through the `course-update.php` endpoint, injected SQL is passed directly to the back-end database system as instructions.
**Recommendations**
For Online Reviewer Management System version 1.0, as a temporary workaround, consider restricting access to the "reviewer 0/admins/assessments/course/course-update.php" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
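
One way to check that the access restriction holds, and to review who reached the endpoint before it was in place, is to audit the web server access log. The script below is an added example, not part of the original advisory or the product's code; it assumes common/combined log format, and the allowed management network and sample log lines are constructed values.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoint path from the advisory, matched as a suffix because the
# deployment prefix ("reviewer 0/" on the page) can differ per install.
ENDPOINT_SUFFIX = "/admins/assessments/course/course-update.php"

# Assumption: the only network that should reach the endpoint (constructed).
ALLOWED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def audit(lines, allowed=ALLOWED_NETS):
    """Return (ip, time, method, status, served) for each request to the
    endpoint from outside `allowed`; served is False for 401/403 replies."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %-escapes, collapse repeated slashes,
        # and compare case-insensitively so trivial path variants still match.
        path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0])).lower()
        if not path.endswith(ENDPOINT_SUFFIX):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed client field
        if any(src in net for net in allowed):
            continue
        status = int(m["status"])
        findings.append((m["ip"], m["time"], m["method"], status,
                         status not in (401, 403)))
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.0.5.17 - - [12/Feb/2023:09:14:02 +0000] "POST /reviewer%200/admins/assessments/course/course-update.php HTTP/1.1" 200 512',
    '203.0.113.40 - - [12/Feb/2023:09:20:11 +0000] "POST /reviewer%200/admins/assessments/course/course-update.php HTTP/1.1" 200 498',
    '203.0.113.40 - - [12/Feb/2023:09:21:45 +0000] "GET /reviewer%200/index.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [12/Feb/2023:10:02:30 +0000] "POST /reviewer%200/admins/assessments/course/Course-Update.php?x=1 HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to `True` means the endpoint answered a client outside the allowed network, so the restriction is missing or incomplete for that path.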