Mohammed Aashique

**Name of the Vulnerable Software and Affected Versions** CodeAstro Stock Management System version 1.0 **Description** A vulnerability was found in the CodeAstro Stock Management System, affecting some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the `Category Name` and `Category Description` arguments leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** For CodeAstro Stock Management System version 1.0, consider disabling the Add Category Handler component until a patch is available. Restrict access to the /index.php file to minimize the risk of exploitation. Avoid using the `Category Name` and `Category Description` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Internet Banking System version 1.0 **Description** A problematic issue was found in the CodeAstro Internet Banking System, affecting an unknown part of the file pages client signup.php. The manipulation of the argument `Client Full Name` with the input `<meta http-equiv="refresh" content="0; url=https://vuldb.com" />` leads to an open redirect. This issue can be initiated remotely. **Recommendations** For CodeAstro Internet Banking System version 1.0, as a temporary workaround, consider restricting the input for the `Client Full Name` argument to prevent open redirect attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Railway Reservation System version 1.0 **Description** A vulnerability has been found in the CodeAstro Online Railway Reservation System, classified as problematic. This issue affects unknown code of the file pass-profile.php. The manipulation of the argument `First Name`, `Last Name`, or `User Name` leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For CodeAstro Online Railway Reservation System version 1.0, consider restricting access to the pass-profile.php file until a patch is available. As a temporary workaround, avoid using the arguments `First Name`, `Last Name`, and `User Name` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Internet Banking System version 1.0 **Description** A problematic vulnerability was found in the CodeAstro Internet Banking System, affecting an unknown functionality of the file pages client signup.php. The manipulation of the `Client Full Name` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For CodeAstro Internet Banking System version 1.0, consider restricting access to the pages client signup.php file until a patch is available. As a temporary workaround, avoid using the `Client Full Name` argument in the affected functionality to minimize the risk of exploitation.