R0Ck3T

**Name of the Vulnerable Software and Affected Versions** SourceCodester File Manager App version 1.0 **Description** A vulnerability has been found in the SourceCodester File Manager App, affecting an unknown functionality of the component Add File Handler. The manipulation of the argument `File Title/Uploaded By` leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester File Manager App version 1.0, as a temporary workaround, consider restricting the use of the `Add File Handler` component until a patch is available. Avoid using the `File Title/Uploaded By` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinic Queuing System version 1.0 Description: A vulnerability was found in the Clinic Queuing System, affecting the function `save patient` of the file `patient side.php`. The manipulation of the arguments `Full Name`, `Contact`, and `Address` leads to cross-site scripting. The attack can be launched remotely. The input fields `Full Name`, `Contact`, and `Address` do not sanitize user input, which leads to stored cross-site scripting. Recommendations: As a temporary workaround, consider disabling the `save patient` function in the `patient side.php` file until a patch is available. Restrict access to the input fields `Full Name`, `Contact`, and `Address` to minimize the risk of exploitation. Avoid using these fields in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Service Provider Management System version 1.0 Description: A vulnerability was found in the System Info Page component of the SourceCodester Service Provider Management System. The issue is due to the lack of protection measures for the web page structure, allowing an attacker to conduct a cross-site scripting (XSS) attack remotely. The manipulation of the `System Name`/`System Short Name` argument leads to XSS. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the `system info/index.php` file until a patch is available. Restrict access to the System Info Page component to minimize the risk of exploitation. Avoid using the `System Name` and `System Short Name` input fields in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0 Description: A vulnerability was found in the function `get student` of the file `student form.php`. The manipulation of the argument `id` leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Simple Student Attendance System version 1.0, consider disabling the `get student` function in `student form.php` until a patch is available. Restrict access to the `student form.php` file to minimize the risk of exploitation. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webTareas version 2.2p1 **Description** A Cross Site Scripting (XSS) issue exists, allowing exploitation via the `Name` field in the "/linkedcontent/editfolder.php" API endpoint. This enables potential attackers to inject malicious scripts into the website. **Recommendations** For webTareas version 2.2p1, as a temporary workaround, consider restricting access to the "/linkedcontent/editfolder.php" endpoint until a patch is available. Avoid using the `Name` field in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webTareas version 2.2p1 **Description** A Cross Site Scripting (XSS) issue exists in webTareas, allowing attackers to inject malicious scripts via the `Name` field in the `/projects/editproject.php` API endpoint. **Recommendations** For webTareas version 2.2p1, as a temporary workaround, consider restricting access to the `/projects/editproject.php` endpoint until a patch is available. Avoid using the `Name` field in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.2.9 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `New Article` field under the `Article` plugin. This enables attackers to potentially manipulate the website's content or steal user data. Recommendations: For CSZ CMS version 1.2.9, consider disabling the `Article` plugin until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the `New Article` field to minimize the risk of malicious payload injection.

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.2.9 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `New Pages` field under the `Pages Content` module. Recommendations: For CSZ CMS version 1.2.9, consider restricting access to the `Pages Content` module to minimize the risk of exploitation. Avoid using the `New Pages` field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webTareas version 2.1 **Description** The issue concerns Cross Site Scripting (XSS) on the "Search" functionality. **Recommendations** For webTareas version 2.1, update to a version that fixes the XSS issue in the "Search" functionality.