Saket Saurav

**Name of the Vulnerable Software and Affected Versions** Lumidek Associates Simple Food Website version 1.0 **Description** The issue allows anyone to take over admin or moderator accounts due to Cross Site Request Forgery (CSRF). This means an attacker can perform actions on behalf of the admin or moderator without their knowledge or consent. **Recommendations** For Lumidek Associates Simple Food Website version 1.0, consider implementing proper CSRF protection mechanisms, such as tokens or headers, to prevent unauthorized requests. As a temporary workaround, restrict access to admin and moderator accounts until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Simple Food Website version 1.0 **Description** The issue allows a moderation to inject a Cross Site Scripting Payload in various fields on the 'http://127.0.0.1:1234/food/admin/all users.php' page, such as the Full Username field, resulting in stored XSS. **Recommendations** For Simple Food Website version 1.0, consider restricting access to the 'http://127.0.0.1:1234/food/admin/all users.php' page until a fix is available, and avoid using fields like Full Username that can be exploited for stored XSS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rescue Dispatch Management System version 1.0 **Description** The issue is related to Incorrect Access Control. It can be exploited via the API endpoint "http://localhost/rdms/admin/?page=system info". **Recommendations** For Rescue Dispatch Management System version 1.0, as a temporary workaround, consider restricting access to the "http://localhost/rdms/admin/?page=system info" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rescue Dispatch Management System version 1.0 **Description** The issue allows for Stored XSS, which can lead to admin account takeover via cookie stealing. **Recommendations** For Rescue Dispatch Management System version 1.0, consider disabling the feature that allows user input to prevent Stored XSS attacks until a patch is available. Restrict access to admin accounts to minimize the risk of exploitation. Avoid using the system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.