Unknown · Rems Faq Management System · CVE-2024-27719
**Name of the Vulnerable Software and Affected Versions**
rems FAQ Management System version 1.0
SourceCodester FAQ Management System version 1.0
**Description**
A cross-site scripting (XSS) vulnerability allows a remote attacker to obtain sensitive information via a crafted payload to the `Frequently Asked Question` field in the `Add FAQ` function. The vulnerability is also related to a lack of protection against manipulation of the SQL query structure, which may allow a remote attacker to execute arbitrary SQL queries against the database.
**Recommendations**
For rems FAQ Management System version 1.0, consider disabling the `Add FAQ` function until a patch is available.
For SourceCodester FAQ Management System version 1.0, ensure input validation and security measures are in place for the `Add FAQ Question` function to mitigate risks.
As a temporary workaround, avoid passing untrusted input to the `Add FAQ` function until the issue is resolved.
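The input handling these recommendations call for, shown as an added example that is not code from either affected project: the question field is validated, stored through bound parameters, and HTML-encoded when rendered. Python and an in-memory SQLite table stand in for the application; the schema, function names, length limit and sample inputs are assumptions.

```python
import html
import sqlite3

MAX_QUESTION_LEN = 500  # assumed limit, not taken from the advisory

def open_db():
    """In-memory stand-in for the application's FAQ table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE faq (id INTEGER PRIMARY KEY, "
               "question TEXT NOT NULL, answer TEXT NOT NULL)")
    return db

def add_faq(db, question, answer):
    """Validate, then store with bound parameters so input never alters the SQL structure."""
    question, answer = question.strip(), answer.strip()
    if not question or not answer:
        raise ValueError("question and answer are required")
    if len(question) > MAX_QUESTION_LEN:
        raise ValueError("question too long")
    if any(ord(c) < 32 and c not in "\n\t" for c in question + answer):
        raise ValueError("control characters are not allowed")
    cur = db.execute("INSERT INTO faq (question, answer) VALUES (?, ?)",
                     (question, answer))
    db.commit()
    return cur.lastrowid

def render_faq(db):
    """Encode on output: stored text is emitted as HTML text, never as markup."""
    rows = db.execute("SELECT question, answer FROM faq ORDER BY id").fetchall()
    items = ["<dt>{}</dt><dd>{}</dd>".format(html.escape(q, quote=True),
                                             html.escape(a, quote=True))
             for q, a in rows]
    return "<dl>" + "".join(items) + "</dl>"

# Constructed sample inputs: one carries markup, one carries SQL metacharacters.
SAMPLE_MARKUP = "<script>alert(1)</script>"
SAMPLE_SQL_META = "x'); DROP TABLE faq; --"

def demo():
    db = open_db()
    add_faq(db, SAMPLE_MARKUP, "answer one")
    add_faq(db, SAMPLE_SQL_META, "answer two")
    count = db.execute("SELECT COUNT(*) FROM faq").fetchone()[0]
    return count, render_faq(db)

if __name__ == "__main__":
    print(demo())
```

Both sample values are stored verbatim as data and appear in the rendered page only in encoded form; encoding at output is what neutralizes the stored markup, so it must be applied everywhere the field is displayed.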