Faizal Abroni

**Name of the Vulnerable Software and Affected Versions** BMI Adult & Kid Calculator versions 1.2.1 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the BMI Adult & Kid Calculator. **Recommendations** For versions 1.2.1 and earlier, update to a version that fixes the CSRF vulnerability to prevent Stored XSS attacks. As a temporary workaround, consider disabling any features that may be susceptible to CSRF attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Scimone Ignazio Prenotazioni versions 1.7.4 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Stored Cross-site Scripting (XSS) vulnerability. This allows for the storage of malicious scripts in the application, which can be executed when other users access the affected web page. **Recommendations** For Scimone Ignazio Prenotazioni versions 1.7.4 and earlier, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MJM Clinic versions 1.1.22 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for malicious scripts to be injected into web pages. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions 1.1.22 and earlier, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Matt Manning MJM Clinic versions 1.1.22 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions 1.1.22 and earlier, update to a version that fixes this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PT Sign Ups – Beautiful volunteer sign ups and management made easy versions 1.0.4 and earlier **Description** The issue affects the PT Sign Ups – Beautiful volunteer sign ups and management made easy software, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting attacks. **Recommendations** For versions 1.0.4 and earlier, update to a version that contains a fix for this issue, as the current version allows stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.