Fahadletsleep

**Name of the Vulnerable Software and Affected Versions** InvoicePlane versions up to 1.6.1 **Description** A vulnerability was found in InvoicePlane, affecting some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. **Recommendations** For InvoicePlane versions up to 1.6.1, upgrade to version 1.6.2-beta-1 to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider restricting access to the /invoices/view file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: nafisulbari/itsourcecode Insurance Management System version 1.0 Description: A vulnerability has been found in the Insurance Management System, affecting an unknown functionality of the file editClient.php. The manipulation of the `AGENT ID` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the `editClient.php` file until a patch is available. Avoid using the `AGENT ID` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: nafisulbari/itsourcecode Insurance Management System version 1.0 Description: A vulnerability was found in the Insurance Management System, affecting some unknown functionality of the file addClient.php. The manipulation of the `CLIENT ID` argument leads to cross-site scripting. The attack may be launched remotely. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the `addClient.php` file until a patch is available. Avoid using the `CLIENT ID` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: nafisulbari/itsourcecode Insurance Management System version 1.0 Description: A critical issue has been found in the Insurance Management System, affecting some unknown functionality of the file `editPayment.php` of the component Payment Handler. The manipulation of the argument `recipt no` leads to improper access controls, allowing for remote attacks. The vendor was contacted about this disclosure but did not respond. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the `editPayment.php` file until a patch is available. Avoid using the argument `recipt no` in the affected Payment Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nafisulbari/itsourcecode Insurance Management System version 1.0 **Description** A vulnerability was found in the Insurance Management System, affecting an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the `Nominee-Client ID` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider validating user input for the `Nominee-Client ID` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.