Lohyt

**Name of the Vulnerable Software and Affected Versions** Online Jewelry Shop version 1.0 **Description** A cross-site scripting (XSS) issue was discovered that allows attackers to execute arbitrary script via a crafted URL. **Recommendations** For Online Jewelry Shop version 1.0, consider disabling the execution of scripts from crafted URLs as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using crafted URLs in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Student Attendance Management System version 1.0 **Description** A File Upload issue exists via the file upload functionality. **Recommendations** For version 1.0, consider disabling the file upload functionality until a patch is available. Restrict access to the file upload module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Student Attendance Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the `couse` field in the "index.php" endpoint. This allows for malicious script execution. **Recommendations** For Sourcecodester Student Attendance Management System version 1.0, consider disabling the `couse` field in the "index.php" endpoint until a patch is available to prevent exploitation. Restrict access to the "index.php" endpoint to minimize the risk of XSS attacks. Avoid using the `couse` field in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** A Cross Site Scripting (XSS) issue exists in the system via the `fullname` parameter in a Send Service Request in vehicle service. This allows for potential malicious script execution. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider validating and sanitizing the `fullname` parameter to prevent XSS attacks. As a temporary workaround, restrict access to the Send Service Request feature in vehicle service until a patch is available.