Li Feng

**Name of the Vulnerable Software and Affected Versions** projectworlds House Rental and Property Listing version 1.0 **Description** A flaw exists in projectworlds House Rental and Property Listing that allows for cross site scripting. The issue is related to the processing of the `/app/complaint.php` file. Specifically, manipulating the `Name` argument can trigger the flaw. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects ABC Courier Management System version 1.0 **Description** A critical issue exists in 1000 Projects ABC Courier Management System version 1.0. The vulnerability is located in an unknown functionality of the file `/Add reciver.php`. Manipulation of the `reciver name` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public. **Recommendations** As a mitigation, sanitize the `reciver name` argument in the `/Add reciver.php` file to prevent SQL injection.