Sacx-7

**Name of the Vulnerable Software and Affected Versions** CloudClassroom-PHP-Project version 1.0 **Description** A SQL Injection vulnerability exists in the `takeassessment2.php` endpoint of CloudClassroom-PHP-Project version 1.0, where the `Q5` POST parameter is directly embedded in SQL statements without sanitization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CloudClassroom-PHP-Project version 1.0 **Description** The software contains a reflected Cross-site Scripting (XSS) vulnerability in the `email` parameter of the `/postquerypublic` API endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user’s browser, potentially leading to session hijacking or phishing attacks. **Recommendations** Ensure proper sanitization of the `email` parameter within the `/postquerypublic` API endpoint.

**Name of the Vulnerable Software and Affected Versions** CloudClassroom PHP Project (affected versions not specified) **Description** A Cross-Site Scripting (XSS) issue exists in the CloudClassroom PHP Project, specifically in the askquery.php file, via the `eid` parameter. This allows remote attackers to inject arbitrary JavaScript code in the context of a victim's browser session by sending a crafted URL. The potential impact includes session hijacking or defacement. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.