Rohit_12

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Courier Management System version 1.0 **Description** A problematic issue has been found in the Manage Account Page component, where the manipulation of the `First Name` argument leads to cross-site scripting. The attack can be initiated remotely. There have been reports of offensive activities targeting this system. **Recommendations** For SourceCodester Best Courier Management System version 1.0, consider disabling the Manage Account Page component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using the `First Name` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Train Scheduler App version 1.0 **Description** A critical issue affects some unknown functionality of the file "/train scheduler app/?action=delete". The manipulation of the `id` argument leads to improper control of resource identifiers, allowing for remote attacks. **Recommendations** For SourceCodester Train Scheduler App version 1.0, consider restricting access to the "/train scheduler app/?action=delete" endpoint until a fix is available. As a temporary workaround, avoid using the `id` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.