Sam Wallace

**Name of the Vulnerable Software and Affected Versions** Garmin Connect version 4.61 **Description** The issue concerns the exposure of private personal information through the LiveTrack API when a LiveTrack session is terminated. This problem is noted in Garmin Connect, where ending a session does not prevent the continued exposure of sensitive information. It's worth mentioning that the vendor disputes this issue, citing that the LiveTrack API service is not a customer-controlled product. **Recommendations** For Garmin Connect version 4.61, consider disabling the LiveTrack feature until a resolution is provided to prevent the exposure of private personal information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Garage Management System version 1.0 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `categoriesName` parameter in "createCategories.php". **Recommendations** For Garage Management System version 1.0, consider disabling the `categoriesName` parameter in the "createCategories.php" file until a patch is available to prevent exploitation. Restrict access to the "createCategories.php" file to minimize the risk of arbitrary web script execution. Avoid using the `categoriesName` parameter in the affected endpoint until the issue is resolved.