Jairajparyani

**Name of the Vulnerable Software and Affected Versions** ProjectsAndPrograms School Management System version 1.0 **Description** A Reflected Cross-site Scripting (XSS) issue exists in the `themeSet.php` file. The application does not properly sanitize user-supplied input in the `theme` parameter, which allows an attacker to inject and execute arbitrary JavaScript in a victim’s browser. **Recommendations** As a temporary workaround, consider restricting access to the `themeSet.php` file until a fix is available. Ensure proper sanitization of the `theme` parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** PuneethReddyHC Online Shopping System Advanced version 1.0 **Description** A SQL Injection flaw exists in the `product.php` page. The `product id` GET parameter is not properly validated before being included in a SQL statement. **Recommendations** Ensure proper validation of the `product id` GET parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** PuneethReddyHC Online Shopping System Advanced version 1.0 **Description** A reflected Cross-Site Scripting (XSS) vulnerability exists in the `register.php` file. Unsanitized user input in the `f name` parameter is reflected in the server response without proper HTML encoding or output escaping, potentially allowing remote attackers to inject arbitrary JavaScript code. **Recommendations** Ensure proper HTML encoding or output escaping is implemented for the `f name` parameter in the `register.php` file.

**Name of the Vulnerable Software and Affected Versions** PuneethReddyHC Online Shopping System Advanced version 1.0 **Description** A SQL Injection vulnerability exists due to improper sanitization of user-supplied input in the `keyword` POST parameter of the login.php file. **Recommendations** Ensure proper sanitization of user-supplied input for the `keyword` POST parameter in the login.php file.