Srivishnu

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System up to 20240325 **Description** A vulnerability was found in the Bdtask Multi-Store Inventory Management System, affecting an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. This issue leads to cross-site request forgery and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For Bdtask Multi-Store Inventory Management System up to 20240325, consider disabling access to the /stockmovment/stockmovment/delete/ endpoint as a temporary workaround until a patch is available. Restrict access to the Stock Movement Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System versions up to 20240320 **Description** A vulnerability was found in the system, affecting an unknown functionality. The manipulation of the `Category Name`, `Model Name`, `Brand Name`, or `Unit Name` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 20240320, as a temporary workaround, consider restricting the use of the `Category Name`, `Model Name`, `Brand Name`, and `Unit Name` arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System versions up to 20240320 **Description** A problematic issue was found in the Store Update Page component of the Bdtask Multi-Store Inventory Management System. The manipulation of the `Store Name` and `Store Address` arguments leads to cross-site scripting. This issue can be exploited remotely. The exploit has been disclosed to the public. The vendor was contacted about this issue but did not respond. **Recommendations** For versions up to 20240320, as a temporary workaround, consider restricting access to the Store Update Page until a patch is available. Avoid using the `Store Name` and `Store Address` arguments in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System versions up to 20240320 **Description** A vulnerability was found in the Page Title Handler component of the system, which can lead to cross-site scripting. The manipulation can be launched remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For versions up to 20240320, as a temporary workaround, consider restricting access to the Page Title Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Wholesale Inventory Management System versions up to 20240311 **Description** A vulnerability was found in the system, affecting an unknown functionality, which leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For versions up to 20240311, as a temporary workaround, consider implementing additional security measures to prevent session fixation attacks, such as regenerating session IDs after a successful login. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Hospital AutoManager up to 20240227 **Description** A vulnerability was found in the Prescription Page component, affecting the file `/prescription/prescription/delete/`. This issue leads to improper authorization and can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For Bdtask Hospital AutoManager up to 20240227, consider disabling access to the `/prescription/prescription/delete/` endpoint until a patch is available. Restrict access to the Prescription Page component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Hospital AutoManager up to 20240227 **Description** A vulnerability has been found in the component Update Bill Page, specifically affecting unknown code of the file /billing/bill/edit/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Bdtask Hospital AutoManager up to 20240227, consider restricting access to the /billing/bill/edit/ endpoint until a patch is available. As a temporary workaround, avoid using the Update Bill Page component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0 **Description** A vulnerability was found in the Password Reset Handler component, specifically affecting some unknown functionality of the file /Setting/change password save. This issue leads to cross-site request forgery and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0, consider disabling the Password Reset Handler component until a patch is available. Restrict access to the `/Setting/change password save` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0 **Description** A problematic issue has been found in the software, affecting the processing of the file /Home/Index of the Prescription Dashboard component. The manipulation of the `Title` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0, as a temporary workaround, consider restricting access to the /Home/Index file of the Prescription Dashboard component to minimize the risk of exploitation. Avoid using the `Title` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0 **Description** A problematic issue was found in the software, affecting an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument `Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name` leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0 **Description** A vulnerability has been found in the software, classified as problematic. It affects an unknown functionality of the file /Venue controller/edit venue/ of the component Edit Venue Page. The manipulation of the `Venue map` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0, consider restricting access to the Edit Venue Page, specifically the /Venue controller/edit venue/ file, to minimize the risk of exploitation. As a temporary workaround, avoid using the `Venue map` argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Hospita AutoManager versions up to 20240223 **Description** A problem was found in the Hospital Activities Page component, affecting the processing of the /hospital activities/birth/form file. The issue is related to the manipulation of the `Description` argument with specific input, such as `<img src=a onerror=alert(1)>`, which leads to Cross-Site Scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Bdtask Hospita AutoManager versions up to 20240223, consider disabling the `Description` argument in the /hospital activities/birth/form file to minimize the risk of exploitation until a patch is available. Restrict access to the Hospital Activities Page component to reduce the risk of remote attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bdtask Hospita AutoManager up to 20240223 **Description** A vulnerability has been found in the Investigation Report Handler component, affecting unknown code of the file "/investigation/delete/". This issue leads to cross-site request forgery and can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Bdtask Hospita AutoManager up to 20240223, consider disabling access to the "/investigation/delete/" file as a temporary workaround until a patch is available. Restrict access to the Investigation Report Handler component to minimize the risk of exploitation. Avoid using the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Isshue Multi Store eCommerce Shopping Cart Solution version 4.0 **Description** A problematic issue was found in the Manage Sale Page component, specifically affecting the /dashboard/Cinvoice/manage invoice file. The manipulation of the `Title` argument leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For Bdtask Isshue Multi Store eCommerce Shopping Cart Solution version 4.0, consider restricting access to the Manage Sale Page component until a fix is available. As a temporary workaround, avoid using the `Title` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bdtask Bhojon Best Restaurant Management Software version 2.9 **Description** A problematic issue has been found in the software, affecting the processing of the file /dashboard/message of the component Message Page. The manipulation of the argument `Title` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For version 2.9, consider disabling the manipulation of the `Title` argument in the /dashboard/message file of the Message Page component until a patch is available. Restrict access to the Message Page to minimize the risk of exploitation. Avoid using the `Title` argument in the affected component until the issue is resolved.