Erik451

**Name of the Vulnerable Software and Affected Versions** Online Banking System Protect version 1.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are accessible via parameters on the `user profile`, `system info`, and `accounts management` pages. **Recommendations** For Online Banking System Protect version 1.0, consider restricting access to the vulnerable parameters on the user profile, system info, and accounts management pages until a patch is available. As a temporary workaround, avoid using these parameters in the affected areas. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Banking System Protect version 1.0 **Description** A remote code execution issue allows attackers to execute arbitrary code via a crafted PHP file uploaded through the `Upload Image` function. **Recommendations** For Online Banking System Protect version 1.0, consider disabling the `Upload Image` function until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Banking System Protect version 1.0 **Description** The issue is related to a local file inclusion (LFI) vulnerability. This vulnerability can be exploited via the `pages` parameter. **Recommendations** For Online Banking System Protect version 1.0, consider restricting access to the `pages` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.