Haoatao

Name of the Vulnerable Software and Affected Versions: ExpressGateway versions up to 1.16.10 Description: A flaw has been found in ExpressGateway affecting processing within the `lib/rest/routes/users.js` library of the REST Endpoint component. Manipulation of this component can lead to cross site scripting (XSS). The attack can be initiated remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this issue but did not respond. Recommendations: Versions prior to 1.16.10 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ExpressGateway versions up to 1.16.10 Description: A vulnerability exists in ExpressGateway, specifically within the `lib/rest/routes/apps.js` component’s REST Endpoint. The issue involves an unknown function and allows for cross-site scripting (XSS) attacks. This attack can be launched remotely. The exploit details have been publicly disclosed, and the vendor was informed but did not respond. Recommendations: Update ExpressGateway to a version beyond 1.16.10.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Medicine Guide version 1.0 **Description** A critical vulnerability exists in an unknown functionality of the file `/changepass.php`. Manipulation of the `ups` argument leads to a SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider restricting access to the `/changepass.php` file until a patch is available. Sanitize the `ups` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Medicine Guide version 1.0 **Description** A critical vulnerability exists in code-projects Online Medicine Guide version 1.0, related to SQL injection. The issue is located in the `/adaddmed.php` file, where manipulation of the `mname` argument can lead to successful exploitation. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Kitchen Treasure version 1.0 **Description** A critical vulnerability exists in code-projects Kitchen Treasure. The issue affects an unknown part of the file `/userregistration.php`. Manipulation of the `photo` argument leads to unrestricted upload, and the attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.