M Lohith

**Name of the Vulnerable Software and Affected Versions** Online Jewelry Shop version 1.0 **Description** A stored cross-site scripting (XSS) issue in the "/index.php?page=category list" API endpoint of Online Jewelry Shop allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Category Name` parameter. **Recommendations** For Online Jewelry Shop version 1.0, as a temporary workaround, consider restricting access to the "/index.php?page=category list" API endpoint until a patch is available. Avoid using the `Category Name` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Home Owners Collection Management System version 1.0 **Description** The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the /student attendance/index.php component. **Recommendations** For Home Owners Collection Management System version 1.0, consider disabling the /student attendance/index.php component until a patch is available to prevent arbitrary file uploads and subsequent code execution.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** A Cross Site Scripting (XSS) issue exists in the system via the `fullname` parameter in a Send Service Request in vehicle service. This allows for potential malicious script execution. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider validating and sanitizing the `fullname` parameter to prevent XSS attacks. As a temporary workaround, restrict access to the Send Service Request feature in vehicle service until a patch is available.