L3V1Ath0N

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A vulnerability was found in the Manage User Page component, specifically affecting the "admin/?page=user/manage user" endpoint. The issue arises from the manipulation of the `First Name`, `Middle Name`, and `Last Name` arguments, leading to basic cross-site scripting. This can be initiated remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider restricting access to the "admin/?page=user/manage user" endpoint until a fix is available. As a temporary workaround, avoid using the `First Name`, `Middle Name`, and `Last Name` arguments in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue has been identified, affecting the /admin/?page=user/list file, which leads to improper access controls. The attack can be initiated remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider restricting access to the /admin/?page=user/list endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Human Resource Management System version 1.0 **Description** A critical issue has been found in the Image File Handler component of the SourceCodester Human Resource Management System, specifically affecting an unknown functionality of the file /employeeview.php. This issue leads to unrestricted upload and can be exploited remotely. **Recommendations** For version 1.0, consider disabling the /employeeview.php file or restricting access to it until a patch is available to prevent unrestricted upload. Additionally, restrict access to the Image File Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Book Store Management System version 1.0 **Description** A vulnerability was found in the SourceCodester Book Store Management System. It affects the file /category.php, where the manipulation of the `category name` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester Book Store Management System version 1.0, consider restricting access to the /category.php file until a fix is available. As a temporary workaround, avoid using the `category name` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-Based Student Clearance System version 1.0 **Description** A critical issue was found in the Photo Handler component, specifically in the file edit-photo.php, allowing for unrestricted upload. This can be exploited remotely. **Recommendations** For version 1.0, consider disabling the edit-photo.php file or restricting access to it until a fix is available. As a temporary workaround, restrict the upload functionality in the Photo Handler component to minimize the risk of exploitation.