P.L. Sanu

**Name of the Vulnerable Software and Affected Versions** bludit version 3.13.1 **Description** A Stored Cross Site Scripting (XSS) issue exists via the TAGS section in the login panel. This allows for malicious scripts to be stored and executed, potentially leading to unauthorized actions. **Recommendations** For bludit version 3.13.1, as a temporary workaround, consider disabling the TAGS section in the login panel until a patch is available. Restrict access to the login panel to minimize the risk of exploitation. Avoid using the TAGS section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the `My Account Section` in the `login panel`. This allows for malicious script execution. **Recommendations** For Vehicle Service Management System version 1.0, consider disabling the `My Account Section` in the `login panel` as a temporary workaround until a patch is available. Restrict access to this section to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the Mechanic List Section in the login panel. **Recommendations** For version 1.0, consider disabling access to the Mechanic List Section in the login panel until a fix is available. Restrict input validation for the Mechanic List Section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the Service Requests Section in the login panel. This allows for malicious scripts to be stored and executed, potentially affecting users of the system. **Recommendations** For Vehicle Service Management System version 1.0, consider disabling the Service Requests Section in the login panel as a temporary workaround until a patch is available. Restrict access to this section to minimize the risk of exploitation. Avoid using the affected login panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the Category List Section in the login panel. This allows for malicious scripts to be stored and executed, potentially leading to unauthorized actions. **Recommendations** For Vehicle Service Management System version 1.0, consider disabling the Category List Section in the login panel as a temporary workaround until a patch is available. Restrict access to this section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the Service List Section in the login panel. This allows for malicious scripts to be stored and executed, potentially leading to unauthorized actions. **Recommendations** For Vehicle Service Management System version 1.0, consider disabling the Service List Section in the login panel as a temporary workaround until a patch is available. Restrict access to this section to minimize the risk of exploitation. Avoid using the Service List Section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the User List Section in the login panel. This allows for malicious scripts to be stored and executed, potentially leading to unauthorized actions on the system. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider disabling the User List Section in the login panel as a temporary workaround until a patch is available. Restrict access to this section to minimize the risk of exploitation. Avoid using the User List feature in the login panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** A Stored Cross Site Scripting (XSS) issue exists via the Settings Section in the login panel. This allows for malicious scripts to be stored and executed, potentially leading to unauthorized actions. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider restricting access to the Settings Section in the login panel until a fix is available. As a temporary workaround, avoid using the Settings Section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** A Privilege Escalation issue exists, allowing staff account users to access admin resources and perform CRUD operations. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider restricting access to admin resources to prevent unauthorized CRUD operations until a patch is available. As a temporary workaround, limit the privileges of staff account users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** The issue allows an attacker to upload a malicious php file in multiple endpoints, leading to Code Execution. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider disabling file upload functionality until a patch is available. Restrict access to endpoints that allow file uploads to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** An Unrestricted File Upload issue exists, allowing a remote attacker to upload malicious files. This can lead to a Stored Cross-Site Scripting issue. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider restricting file uploads to only necessary and validated files to minimize the risk of exploitation. As a temporary workaround, restrict access to the file upload feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Vehicle Service Management System version 1.0 **Description** An Unrestricted File Upload issue exists, allowing a remote attacker to upload malicious files, which can lead to Html Injection. **Recommendations** For Sourcecodester Vehicle Service Management System version 1.0, consider restricting file uploads to only necessary and validated files to minimize the risk of exploitation. As a temporary workaround, restrict access to file upload functionality until a proper fix is available.

**Name of the Vulnerable Software and Affected Versions** Vehicle Service Management System version 1.0 **Description** A Cross Site Request Forgery (CSRF) issue exists, which can lead to a Stored Cross Site Scripting vulnerability when a CSRF attack is successful. **Recommendations** For Vehicle Service Management System version 1.0, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive operations that could be exploited through CSRF attacks until a proper fix is applied.