Hemant Raj Bhati

**Name of the Vulnerable Software and Affected Versions** SourceCodester Ship Ferry Ticket Reservation System version 1.0 **Description** An improper authorization issue exists in the `/admin/` file. Manipulation of the `page` argument allows for remote exploitation. **Recommendations** Avoid using the `page` argument in the `/admin/` file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Customer Relationship Management System version 1.0 Description A cross-site scripting issue exists due to the manipulation of the `Description` argument in the processing of the '/create-ticket.php' file within the Create Ticket component. This allows for remote exploitation, and the exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Leave Application System version 1.0 **Description** A security issue exists in the User Management Handler component of SourceCodester Leave Application System. This issue allows for cross site scripting, potentially enabling remote attacks. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester RSS Feed Parser version 1.0 **Description** A server-side request forgery (SSRF) issue exists in the `file get contents()` function of SourceCodester RSS Feed Parser. This manipulation allows for remote attacks. An exploit for this issue has been published and is available for use. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.