Joma Peralta

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee Management System version 1.0 **Description** A problematic vulnerability has been found in the system, affecting the edit-profile.php file. The issue arises from the manipulation of the `fullname`, `phone`, `date of birth`, `address`, and `date of appointment` arguments, leading to cross-site scripting. This attack can be initiated remotely. **Recommendations** For SourceCodester Employee Management System version 1.0, consider restricting access to the edit-profile.php file until a fix is available, and avoid using the vulnerable arguments `fullname`, `phone`, `date of birth`, `address`, and `date of appointment` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee Management System version 1.0 **Description** A problematic issue was found in the Leave Handler component, specifically in the delete-leave.php file. The `id` argument is vulnerable to manipulation, leading to improper access controls. This issue can be exploited remotely. **Recommendations** For SourceCodester Employee Management System version 1.0, consider restricting access to the delete-leave.php file until a fix is available. As a temporary workaround, avoid using the `id` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.