Rocky__Cheng

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A cross-site scripting issue exists due to manipulation of the `sname` argument. The issue is located in an unknown function within the `/admin/update s5.php` file. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A cross-site scripting issue exists in code-projects Exam Form Submission 1.0. The issue is located in the file `/admin/update s4.php` and involves manipulation of the `sname` parameter. The attack can be initiated remotely. The exploit has been publicly released. **Recommendations** Versions prior to 1.0 should be used. As a temporary workaround, consider restricting access to the `/admin/update s4.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A cross-site scripting issue exists in code-projects Exam Form Submission 1.0. The issue is related to manipulating the `sname` argument of an unknown function within the /admin/update s3.php file. This manipulation can lead to cross-site scripting, and the attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Update to a newer version of code-projects Exam Form Submission that addresses this issue. As a temporary workaround, restrict access to the /admin/update s3.php file to minimize the risk of exploitation. Avoid using the `sname` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Frozen Foods Ordering System version 1.0 **Description** A security issue exists in itsourcecode Online Frozen Foods Ordering System 1.0. The issue affects unknown code within the `/admin/admin edit supplier.php` file. Manipulating the `Supplier Name` argument can lead to SQL injection. This attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.