Meraklbz

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A flaw exists in O2OA, potentially leading to cross site scripting. The issue affects an unknown function within the `/x program center/jaxrs/agent` file of the Personal Profile Page component. The attack can be launched remotely. The vendor indicated a fix will be included in a new version. **Recommendations** Update to a newer version of O2OA to address this issue.

**Name of the Vulnerable Software and Affected Versions** O2OA versions prior to 10.0-410 **Description** A vulnerability exists in O2OA that allows for cross site scripting. The issue impacts an unknown function within the `/x portal assemble designer/jaxrs/page` file of the Personal Profile Page component. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Update to a version newer than 10.0-410.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A cross-site scripting issue exists in O2OA’s Personal Profile Page. The issue is related to an unknown functionality of the file `/x cms assemble control/jaxrs/design/appdict`. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A cross site scripting issue exists due to the manipulation of the `name`, `alias`, or `description` argument in the processing of the `/x program center/jaxrs/script` file within the Personal Profile Page component. The attack can be launched remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A weakness exists in O2OA up to version 10.0-410, specifically within the Personal Profile Page component. Manipulation of the `Description` argument in the `/x organization assemble control/jaxrs/person/` file can lead to cross site scripting. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions up to 10.0-410 **Description** A security flaw exists in O2OA that allows for cross site scripting. The vulnerability affects unknown code within the `/x organization assemble personal/jaxrs/definition/calendarConfig` file. Manipulation of the `toMonthViewName` argument can be used to launch an attack remotely. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O2OA versions prior to 10.0-410 **Description** A cross-site scripting issue exists in O2OA’s Personal Profile Page component. The issue is related to an unknown function within the `/x portal assemble designer/jaxrs/widget` file. Successful exploitation allows for remote execution of malicious scripts. The exploit has been publicly disclosed. **Recommendations** Update to a version of O2OA greater than 10.0-410.

**Name of the Vulnerable Software and Affected Versions** O2OA versions prior to 10.0-410 **Description** A flaw has been found in O2OA that allows for cross site scripting. The issue is related to the manipulation of the argument `name`/`alias`/`description` within an unknown function of the file `/x portal assemble designer/jaxrs/dict/` of the Personal Profile Page component. Remote exploitation is possible. The vendor has indicated a fix will be available in a new version. **Recommendations** Update to a version of O2OA greater than 10.0-410.

Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 11.0 Description: A vulnerability exists in WuKongOpenSource WukongCRM 11.0, specifically within an unknown part of the `/adminFile/upload` file of the API Response Handler component. This allows for information exposure through error messages and can be initiated remotely. The exploit for this issue has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Campcodes Complaint Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the /users/complaint-details.php file. The manipulation of the `cid` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For Campcodes Complaint Management System version 1.0, consider disabling the `cid` argument in the /users/complaint-details.php file until a patch is available to prevent SQL injection attacks. Restrict access to the complaint-details.php file to minimize the risk of exploitation. Avoid using the `cid` argument in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Campcodes Complaint Management System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /users/check availability.php. The manipulation of the `email` argument leads to SQL injection. The attack can be launched remotely. Recommendations: For Campcodes Complaint Management System version 1.0, as a temporary workaround, consider restricting access to the /users/check availability.php file until a patch is available. Avoid using the `email` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Campcodes Complaint Management System version 1.0 Description: A critical issue has been identified, affecting the /admin/index.php file, where manipulation of the `Username` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Campcodes Complaint Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/index.php file and avoid using the `Username` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Movie Ticketing System version 1.0 Description: A critical issue has been discovered, affecting the /logIn.php file. The manipulation of the `postName` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For code-projects Movie Ticketing System version 1.0, consider restricting access to the /logIn.php file until a fix is available. As a temporary workaround, avoid using the `postName` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: code-projects Movie Ticketing System version 1.0 Description: A critical issue affects the processing of the file "/ticketConfirmation.php". The manipulation of the `Date` argument leads to SQL injection. The attack may be initiated remotely. Recommendations: For code-projects Movie Ticketing System version 1.0, consider restricting access to the "/ticketConfirmation.php" file until a fix is available. As a temporary workaround, avoid using the `Date` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0 Description: A critical issue was found in the software, affecting the file /classes/SystemSettings.php. The manipulation of the `img` argument leads to unrestricted upload. This issue can be initiated remotely. Recommendations: For version 1.0, consider restricting access to the /classes/SystemSettings.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `img` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the file /classes/Login.php. The manipulation of the `Username` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For version 1.0, consider restricting access to the `/classes/Login.php` file until a patch is available. As a temporary workaround, avoid using the `Username` argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0 Description: A critical issue affects some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the `img` argument leads to unrestricted upload. The attack may be launched remotely. Recommendations: For version 1.0, consider restricting access to the /classes/Content.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `img` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0 Description: A critical issue was found in the software, affecting an unknown functionality of the file /admin/testimonials/manage.php. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For version 1.0, consider restricting access to the /admin/testimonials/manage.php file until a fix is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0 Description: A critical issue was found in the software, affecting an unknown function of the file /admin/clients/manage.php. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For SourceCodester Simple Company Website version 1.0, as a temporary workaround, consider restricting access to the /admin/clients/manage.php file until a patch is available. Avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0 Description: A critical issue affects the processing of the file "/admin/services/manage.php". The manipulation of the `ID` argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For SourceCodester Simple Company Website version 1.0, consider restricting access to the "/admin/services/manage.php" file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.