Lucifoxer001

**Name of the Vulnerable Software and Affected Versions** SourceCodester Task Reminder System version 1.0 **Description** A problem was found in the Maintenance Section component of the system, affecting an unknown functionality. The issue arises from the manipulation of the `System Name` argument, leading to cross site scripting. This can be exploited remotely. **Recommendations** For version 1.0, consider disabling the functionality related to the `System Name` argument in the Maintenance Section to prevent cross site scripting attacks until a fix is available. Restrict access to the Maintenance Section to minimize the risk of exploitation. Avoid using the `System Name` argument in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Food Ordering System version 2.0 **Description** A problematic issue was found in the Category List Handler component, where the manipulation of the `Reason` argument with the input "><script>prompt(1)</script> leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester Online Food Ordering System version 2.0, consider restricting the input for the `Reason` argument to prevent cross-site scripting attacks until a patch is available. As a temporary workaround, avoid using the `Reason` argument in the Category List Handler component.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Event Registration System version 1.0 **Description** A critical issue was found, allowing for unrestricted upload through the manipulation of the `cmd` argument. This can be exploited remotely. **Recommendations** For version 1.0, consider restricting access to the function that handles the `cmd` argument until a fix is available. As a temporary workaround, avoid using the `cmd` argument in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Event Registration System version 1.0 **Description** A vulnerability has been found in the SourceCodester Event Registration System, allowing for cross site scripting through the manipulation of the `First Name/Last Name` argument in the "/event/admin/?page=user/list" endpoint. The attack can be launched remotely. **Recommendations** For SourceCodester Event Registration System version 1.0, consider disabling the functionality related to the "/event/admin/?page=user/list" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `First Name/Last Name` argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Human Resource Management System version 1.0 **Description** A critical issue was found in the Admin Panel component, specifically in the file employeeadd.php, leading to improper access controls. This issue can be exploited remotely. **Recommendations** For version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.