Momo1239

**Name of the Vulnerable Software and Affected Versions** html2xhtml version 1.3 **Description** A stack-buffer-overflow issue exists in the `read charset decl` function due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this by providing a specially crafted input, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption. **Recommendations** For html2xhtml version 1.3, as a temporary workaround, consider disabling the `read charset decl` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Customer Relationship Management System version 1.0 **Description** The issue allows an attacker to execute arbitrary code. This can be achieved via the `company` or `query` parameter(s) in a Cross Site Scripting vulnerability, or through a SQL injection vulnerability by exploiting the `name` parameter in the "get-quote.php" endpoint. **Recommendations** For version 1.0, consider disabling the `get-quote.php` endpoint or restricting access to it until a patch is available. Avoid using the `company`, `query`, and `name` parameters in affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Customer Relationship Management System version 1.0 **Description** The issue allows an attacker to execute arbitrary code via the `name` parameter in the "get-quote.php" endpoint. This enables the attacker to potentially inject malicious SQL code, compromising the system's security. **Recommendations** For SourceCodester Simple Customer Relationship Management System version 1.0, consider restricting access to the "get-quote.php" endpoint until a patch is available. As a temporary workaround, avoid using the `name` parameter in the affected endpoint to minimize the risk of exploitation.