Riya Agrawal

**Name of the Vulnerable Software and Affected Versions** itsourcecode Placement Management System version 1.0 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `Full Name` field in the "registration.php" endpoint. This allows for potential malicious script injection. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For itsourcecode Placement Management System version 1.0, as a temporary workaround, consider restricting input for the `Full Name` field in the registration.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail version 1.6.9 **Description** The issue allows remote authenticated users to upload a malicious file as an email attachment. This leads to the triggering of a Cross-Site Scripting (XSS) attack when the SENT session is visited. **Recommendations** For Roundcube Webmail version 1.6.9, consider disabling the file upload feature for email attachments until a patch is available. Restrict access to the SENT session to minimize the risk of exploitation. Avoid using the email attachment feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Placement Management System version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) via the Full Name field in registration.php. This allows for potential malicious script injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For itsourcecode Placement Management System version 1.0, consider disabling the Full Name field in registration.php as a temporary workaround until a patch is available. Restrict access to the registration.php page to minimize the risk of exploitation. Avoid using the `Full Name` field in the affected registration.php page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.