Progprnv

Name of the Vulnerable Software and Affected Versions: SourceCodester FAQ Management System version 1.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in the FAQ Management System. An authenticated attacker can inject malicious JavaScript into the `question` and `answer` fields. This is achieved via the `/update-faq.php` endpoint. Recommendations: As a mitigation, sanitize all user inputs for the `question` and `answer` fields before storing them in the database. Restrict access to the `/update-faq.php` endpoint to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Microweber CMS2.0 **Description** Reflected Cross-Site Scripting (XSS) exists in the `id` parameter of the `/live edit.module settings` API endpoint, allowing for the execution of arbitrary JavaScript. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microweber CMS version 2.0 **Description** The application suffers from a reflected Cross-Site Scripting (XSS) issue. This allows arbitrary JavaScript execution in the context of authenticated admin users through the `layout` parameter on the `/admin/page/create` page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microweber CMS version 2.0 **Description** Microweber CMS 2.0 is susceptible to Cross Site Scripting (XSS) attacks. The vulnerability exists in the `/projects/profile` homepage `endpoint` via the `last name` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microweber CMS version 2.0 **Description** A stored cross-site scripting (XSS) vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in admin browsers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.