Florian Walter

**Name of the Vulnerable Software and Affected Versions** SocialMediaWebsite version 1.0.1 **Description** A reflected cross-site scripting (XSS) issue allows attackers to inject malicious JavaScript into a victim's web browser via the `poll` parameter in "poll.php". **Recommendations** For SocialMediaWebsite version 1.0.1, consider restricting access to the "poll.php" endpoint until a patch is available. As a temporary workaround, avoid using the `poll` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KLiK SocialMediaWebsite version 1.0.1 **Description** A reflected cross-site scripting (XSS) vulnerability may allow remote attackers to execute arbitrary JavaScript in the web browser of a user. This can be achieved by including a malicious payload into the `selector` or `validator` parameters of the "create-new-pwd.php" endpoint. **Recommendations** For KLiK SocialMediaWebsite version 1.0.1, consider disabling the `create-new-pwd.php` endpoint until a patch is available. Restrict access to the `selector` and `validator` parameters to minimize the risk of exploitation. Avoid using these parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zhimengzhe iBarn version 1.5 **Description** A reflected cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web browser of a victim via the `search` parameter in "offer.php". This issue enables attackers to execute malicious scripts in the context of the victim's browser, potentially leading to unauthorized actions or data theft. **Recommendations** For zhimengzhe iBarn version 1.5, consider disabling the search functionality in offer.php until a patch is available to prevent exploitation of the reflected XSS vulnerability. Restrict access to the offer.php page to minimize the risk of exploitation. Avoid using the `search` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FullStackHero's WebAPI Boilerplate versions 1.0.0 through 1.0.1 **Description** A host header injection issue in the forgot password function allows attackers to leak the password reset token via a crafted request. **Recommendations** For versions 1.0.0 and 1.0.1, as a temporary workaround, consider disabling the forgot password function until a patch is available. Restrict access to the forgot password endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** @perfood/couch-auth versions <= 0.20.0 **Description** A host header injection issue exists in the NPM package @perfood/couch-auth. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts. **Recommendations** For @perfood/couch-auth versions <= 0.20.0, consider disabling the forgot password feature until a patch is available. Restrict access to the forgot password request to minimize the risk of exploitation. Avoid using the host header in the forgot password request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSIS Classic version 9.0 **Description** A reflected cross-site scripting issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload into any of the `calendar id`, `school date`, `month`, or `year` parameters in 'CalendarModal.php'. **Recommendations** For version 9.0, consider disabling access to 'CalendarModal.php' until a patch is available to prevent exploitation. Restrict input for the `calendar id`, `school date`, `month`, and `year` parameters to minimize the risk of arbitrary JavaScript execution.

**Name of the Vulnerable Software and Affected Versions** openSIS Classic version 9.0 **Description** The issue allows remote attackers to read arbitrary files via a directory traversal vulnerability in the `filename` parameter of the "DownloadWindow.php" endpoint. **Recommendations** For version 9.0, consider restricting access to the "DownloadWindow.php" endpoint until a patch is available, and avoid using the `filename` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openSIS Classic version 9.0 **Description** The issue concerns a broken access control vulnerability in the database backup functionality. When an admin generates a database backup, it is stored in the web root with a filename that can be easily guessed, such as "opensisBackup<date>.sql". This file can be accessed by any unauthenticated actor and contains a dump of the whole database, including password hashes. **Recommendations** For openSIS Classic version 9.0, consider restricting access to the database backup files until a proper fix is available. As a temporary workaround, avoid using the default filename format for database backups and store them outside the web root to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** openSIS Classic version 9.0 **Description** A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload into the `include` parameter in the "ForExport.php" endpoint. **Recommendations** For openSIS Classic version 9.0, consider disabling access to the "ForExport.php" endpoint until a patch is available, or restrict the `include` parameter to prevent malicious input.

**Name of the Vulnerable Software and Affected Versions** openSIS Classic version 9.0 **Description** A reflected cross-site scripting issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload into the `ajax` parameter in the 'ParentLookup.php' endpoint. **Recommendations** For openSIS Classic version 9.0, consider disabling access to the 'ParentLookup.php' endpoint until a patch is available, or restrict the `ajax` parameter to prevent malicious input.

**Name of the Vulnerable Software and Affected Versions** openSIS Classic version 9.0 **Description** The issue allows an unauthenticated remote attacker to access any student's files. This is achieved by visiting the "/assets/studentfiles/<studentId>-<filename>" API endpoint, where `studentId` and `filename` are variables that can be manipulated to access different files. **Recommendations** For openSIS Classic version 9.0, restrict access to the "/assets/studentfiles/<studentId>-<filename>" API endpoint to prevent unauthorized file access. Consider implementing proper authentication and authorization mechanisms to ensure that only authorized users can access student files.

**Name of the Vulnerable Software and Affected Versions** OpenSIS Classic Community Edition version 9.0 **Description** The issue lacks cross-site request forgery (CSRF) protection throughout the application, which may allow an attacker to trick an authenticated user into performing any kind of state-changing request. **Recommendations** For OpenSIS Classic Community Edition version 9.0, consider implementing CSRF protection mechanisms to prevent state-changing requests from being tricked by an attacker. As a temporary workaround, restrict access to sensitive areas of the application that could be exploited through CSRF attacks until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Economizzer version 0.9-beta1 **Description** A host header injection issue exists, allowing an attacker to send password reset links to users that lead to an attacker-controlled server, thus leaking the password reset token. This enables the attacker to reset other users' passwords by sending a specially crafted host header in the reset password request. **Recommendations** For Economizzer version 0.9-beta1, consider disabling the password reset functionality until a patch is available to prevent exploitation of the host header injection vulnerability. Restrict access to the reset password request to minimize the risk of attackers sending specially crafted host headers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gugoan Economizzer version 0.9-beta1 gugoan Economizzer commit 3730880 (April 2023) **Description** The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. This allows the attacker to "hijack" clicks meant for their page and route them to another page, most likely owned by another application, domain, or both. **Recommendations** For gugoan Economizzer version 0.9-beta1, consider implementing framebusting techniques to prevent the page from being framed by other sites. For gugoan Economizzer commit 3730880 (April 2023), as a temporary workaround, consider restricting access to sensitive functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gugoan Economizzer versions 0.9-beta1 gugoan Economizzer commit 3730880 **Description** An Insecure Direct Object Reference (IDOR) vulnerability allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the `Id` of the attachment. **Recommendations** For gugoan Economizzer version 0.9-beta1, consider restricting access to cash book entry attachments until a patch is available. For gugoan Economizzer commit 3730880, avoid using the attachment `Id` in unauthenticated requests to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gugoan Economizzer version 0.9-beta1 **Description** The issue concerns a user enumeration vulnerability in the login and forgot password functionalities. The application reacts differently when a user or email address is valid, and when it's not, potentially allowing an attacker to determine whether a user or email address is valid or brute force valid usernames and email addresses. **Recommendations** For version 0.9-beta1, consider temporarily disabling the login and forgot password functionalities until a patch is available. Restrict access to these features to minimize the risk of exploitation. Avoid using the affected functionalities in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gugoan Economizzer versions 0.9-beta1 and commit 3730880 (April 2023) **Description** A SQL injection vulnerability exists in the cash book feature of gugoan Economizzer, specifically in the `category id` parameter, which is used to list accomplishments by category. This vulnerability allows for SQL injection attacks. **Recommendations** For gugoan Economizzer version 0.9-beta1, consider disabling the feature to list accomplishments by category until a patch is available. For gugoan Economizzer commit 3730880 (April 2023), restrict access to the `category id` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Economizzer version 0.9-beta1 **Description** A remote code execution vulnerability exists via an insecure file upload. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry, allowing them to execute arbitrary commands. **Recommendations** For Economizzer version 0.9-beta1, consider disabling the file upload feature when adding new cash book entries until a patch is available. Restrict access to the attachment upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 Visual Project Explorer version 1.0 **Description** A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the `service` parameter in the 'headstart snapshot.php' endpoint. **Recommendations** For OpenKnowledgeMaps Head Start versions 4, 5, 6, 7, consider disabling access to the 'headstart snapshot.php' endpoint until a patch is available. For Visual Project Explorer version 1.0, restrict the use of the `service` parameter in the 'headstart snapshot.php' endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `service` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** msaad1999's PHP-Login-System version 2.0.1 **Description** A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the `validator` parameter in the "/reset-password" API endpoint. **Recommendations** For version 2.0.1, as a temporary workaround, consider disabling the `/reset-password` endpoint until a patch is available. Restrict access to the `validator` parameter in the `/reset-password` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.