Fatih Tüzün

**Name of the Vulnerable Software and Affected Versions** Online Pizza Delivery System version 1.0 **Description** A Reflected Cross-Site Scripting (XSS) issue exists in the search.php file, allowing an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the `search` parameter. This occurs because the input is not properly sanitized, enabling the execution of malicious scripts. **Recommendations** For Online Pizza Delivery System version 1.0, consider disabling the search function in the search.php file until a patch is available to prevent exploitation. Restrict access to the search parameter to minimize the risk of arbitrary JavaScript code execution. Avoid using the `search` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Food Ordering System version 1.0 **Description** A SQL Injection issue exists in the login form of the system. The issue arises because the input fields `username` and `password` are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access. **Recommendations** Online Food Ordering System version 1.0: Properly sanitize the `username` and `password` input fields to prevent SQL injection attacks. Ensure that all user input is validated and escaped to prevent malicious SQL queries from being executed.

**Name of the Vulnerable Software and Affected Versions** HortusFox version 3.9 **Description** The issue is related to a stored XSS vulnerability in the "Add Plant" function. The `name` input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads. **Recommendations** For HortusFox version 3.9, as a temporary workaround, consider disabling the "Add Plant" function until a patch is available. Restrict access to the `name` input field in the "Add Plant" function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.