Pranav Jayan

#20695 of 53,633
12.2 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2025-34788
6.1
2025-08-26
SourceCodester · FAQ Management System · CVE-2025-57425
**Name of the Vulnerable Software and Affected Versions** SourceCodester FAQ Management System version 1.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability exists in the FAQ Management System. An authenticated attacker can inject malicious JavaScript into the `question` and `answer` fields. This is achieved via the `/update-faq.php` endpoint. **Recommendations** As a mitigation, sanitize all user inputs for the `question` and `answer` fields before storing them in the database. Restrict access to the `/update-faq.php` endpoint to authorized personnel only.
PT-2025-31651
6.1
2025-08-01
Unknown · Microweber CMS · CVE-2025-51502
**Name of the Vulnerable Software and Affected Versions** Microweber CMS version 2.0 **Description** The application suffers from a reflected Cross-Site Scripting (XSS) issue. This allows arbitrary JavaScript execution in the context of authenticated admin users through the `layout` parameter on the `/admin/page/create` page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.