Remyandrade · Employee Management System · CVE-2025-57117
**Name of the Vulnerable Software and Affected Versions**
Rems' Employee Management System version 1.0
**Description**
A Clickjacking issue exists on the 'department.php' page that allows remote attackers to execute arbitrary JavaScript by injecting a malicious payload into the Department Name field when adding a department. The vulnerable parameter is the Department Name field.
**Recommendations**
Apply input validation and sanitization to the Department Name field on the 'department.php' page to prevent the injection of malicious JavaScript. Implement Clickjacking protection mechanisms, such as the X-Frame-Options header, to prevent the page from being rendered in an iframe.
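
The following PHP sketch is an added example, not code from the application or from this advisory. It shows one way to apply both recommendations: allow-list validation plus output encoding for the Department Name value, and anti-framing response headers. The helper names, the allowed character set and the 64-character limit are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Helper names and the allow-list rule are assumptions,
// not taken from the application's source.

// Send anti-framing headers before any page output.
function send_antiframing_headers(): void
{
    header('X-Frame-Options: DENY');
    // CSP frame-ancestors expresses the same policy for current browsers.
    header("Content-Security-Policy: frame-ancestors 'none'");
}

// Validate a submitted department name against an allow-list.
// Returns the trimmed name, or null when the value must be rejected.
function validate_department_name(string $raw): ?string
{
    $name = trim($raw);
    // Letters, digits, spaces and a little punctuation; 1 to 64 characters.
    if (preg_match('/\A[\p{L}\p{N} .,&\'\-]{1,64}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Encode a value for an HTML context at output time. This is applied even
// to validated values, because stored data may predate the validation.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: two ordinary names and one containing markup.
    foreach (['Human Resources', 'R&D', '<b>Sales</b>'] as $sample) {
        $verdict = validate_department_name($sample) === null ? 'rejected' : 'accepted';
        printf("%-18s %-9s rendered as: %s\n", $sample, $verdict, h($sample));
    }
} else {
    // In a web request, emit the headers before rendering the page.
    send_antiframing_headers();
}
```

Validation rejects markup at input time, while `h()` ensures that anything already stored is rendered as text rather than interpreted as HTML.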