Dewanritik

**Name of the Vulnerable Software and Affected Versions** SourceCodester Facebook News Feed Like version 1.0 **Description** A problematic issue has been found, affecting the New Account Handler component. The manipulation of the `First Name/Last Name` argument with the input `<script>alert(1)</script>` leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For version 1.0, avoid using the `First Name/Last Name` argument with unvalidated input to minimize the risk of exploitation. As a temporary workaround, consider validating and sanitizing all user input for the New Account Handler component until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Facebook News Feed Like version 1.0 **Description** A vulnerability has been found in the Post Handler component, allowing for cross-site scripting. The issue arises from the manipulation of the `Description` argument with malicious input, such as `<marquee>HACKED</marquee>`. This can be exploited remotely. **Recommendations** For SourceCodester Facebook News Feed Like version 1.0, as a temporary workaround, consider restricting the use of the `Description` argument in the Post Handler component to minimize the risk of cross-site scripting exploitation. Avoid using the `Description` argument with unvalidated input until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 1.0 **Description** A critical issue has been found in the Registration Page component of the affected software, leading to improper restriction of excessive authentication attempts. This can be exploited remotely. **Recommendations** For PHPGurukul Online Shopping Portal version 1.0, consider implementing proper rate limiting or IP blocking mechanisms to restrict excessive authentication attempts as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering Management System version 1.0 **Description** A critical issue was found in the Registration component, where the manipulation of the `username` argument leads to SQL injection. This can be exploited remotely. **Recommendations** For SourceCodester Food Ordering Management System version 1.0, consider restricting access to the Registration component until a fix is available. As a temporary workaround, avoid using the `username` argument in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Cold Storage Management System version 1.0 **Description** A vulnerability was found in the Create User Handler component of the SourceCodester Simple Cold Storage Management System. The issue affects some unknown functionality of the file /csms/admin/?page=user/list. The manipulation of the `First Name` and `Last Name` arguments leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the Create User Handler component until a patch is available. Restrict access to the /csms/admin/?page=user/list endpoint to minimize the risk of exploitation. Avoid using the `First Name` and `Last Name` arguments in the affected endpoint until the issue is resolved.