Cyberlord

**Name of the Vulnerable Software and Affected Versions** Best Courier Management System version 1.000 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `page` parameter in the URL. This is a Cross Site Scripting vulnerability. **Recommendations** For Best Courier Management System version 1.000, consider restricting access to the `page` parameter in the URL to minimize the risk of exploitation. Avoid using the `page` parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Best Courier Management System version 1.0 **Description** The issue allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the `userID` parameter. **Recommendations** For Best Courier Management System version 1.0, consider restricting access to the `userID` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Free and Open Source inventory management system version 1.0 **Description** The issue allows an arbitrary user to change the password of another user and take over the account via Insecure Direct Object Reference (IDOR) in the password change function. This is due to incorrect access control, enabling unauthorized access to user accounts. **Recommendations** For version 1.0, as a temporary workaround, consider disabling the password change function until a patch is available. Restrict access to the password change functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Free and Open Source inventory management system version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) via the Add supplier function. This means an attacker could potentially inject malicious scripts into the system, affecting users who interact with the compromised functionality. **Recommendations** For version 1.0, as a temporary workaround, consider disabling the Add supplier function until a patch is available. Restrict access to this function to minimize the risk of exploitation. Avoid using the Add supplier feature in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Best Courier Management System version 1.0 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability in the change username field. This allows for potential malicious script injection, affecting the security of the system. **Recommendations** For Best Courier Management System version 1.0, consider restricting access to the change username field until a fix is available. As a temporary workaround, avoid using the `username` field in the affected area to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.