Suc2Es2

**Name of the Vulnerable Software and Affected Versions** SapneshNaik Student Management System (affected versions not specified) **Description** A flaw exists in SapneshNaik Student Management System that allows for cross site scripting. The issue is related to the manipulation of the `Error` argument within the file `index.php`. This manipulation occurs in an unknown function. The attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Changsha Developer Technology iView Editor versions up to 1.1.1 **Description** A flaw exists in the Markdown Handler component of the software that allows for cross site scripting. The issue is remotely exploitable and details of the exploit are publicly available. The vendor was notified but did not respond. **Recommendations** Update to a version beyond 1.1.1.

**Name of the Vulnerable Software and Affected Versions** itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0 **Description** A flaw exists in itsourcecode E-Logbook with Health Monitoring System for COVID-19, potentially allowing for SQL injection. The issue is related to the processing of the `/check profile.php` file. Manipulation of the `profile id` argument can lead to exploitation. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.