Mohitkumar0786

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laboratory Management System version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) via the `Middle Name` parameter in the Create User function. This allows for potential malicious script injection. **Recommendations** For SourceCodester Laboratory Management System version 1.0, as a temporary workaround, consider restricting the input for the `Middle Name` parameter in the Create User function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laboratory Management System version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) via the `First Name` parameter in the Create User function. This allows for potential malicious script injection. **Recommendations** For SourceCodester Laboratory Management System version 1.0, as a temporary workaround, consider validating and sanitizing the `First Name` parameter to prevent XSS attacks until a patch is available. Restrict access to the Create User function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cosmetics and Beauty Product Online Store version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Last Name` parameter. This enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For Cosmetics and Beauty Product Online Store version 1.0, consider validating and sanitizing user input for the `Last Name` parameter to prevent malicious payloads from being injected. As a temporary workaround, restrict the use of the `Last Name` field until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Insurance Management System version 1.0 **Description** The issue allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Category Name` parameter at "/core/new category2". This enables attackers to perform Cross Site Scripting (XSS) attacks. **Recommendations** For Insurance Management System version 1.0, consider disabling access to the "/core/new category2" endpoint until a patch is available, and restrict the use of the `Category Name` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cosmetics and Beauty Product Online Store version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Search` parameter. This enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For Cosmetics and Beauty Product Online Store version 1.0, consider disabling the Search function until a patch is available to prevent exploitation of the XSS issue. Restrict access to the Search parameter to minimize the risk of arbitrary script execution.

**Name of the Vulnerable Software and Affected Versions** Cosmetics and Beauty Product Online Store version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `First Name` parameter. This enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For Cosmetics and Beauty Product Online Store version 1.0, consider validating and sanitizing user input for the `First Name` parameter to prevent XSS attacks. As a temporary workaround, restrict the use of the `First Name` field until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cosmetics and Beauty Product Online Store version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Product Name` parameter. This enables attackers to potentially manipulate the website's behavior or steal user data. **Recommendations** For Cosmetics and Beauty Product Online Store version 1.0, consider disabling the `Product Name` parameter until a patch is available to prevent exploitation. Restrict access to the affected parameter to minimize the risk of arbitrary script execution.