Tansique Dasari

**Name of the Vulnerable Software and Affected Versions** Institute-of-Current-Students version 1.0 **Description** A reflected cross-site scripting (XSS) issue exists due to improper sanitization of user input. Specifically, the application fails to sanitize the `email` parameter before reflecting it in the HTML response. This allows attackers to inject and execute arbitrary JavaScript code in the context of a victim’s browser. Successful exploitation may lead to session hijacking or credential theft. The vulnerable endpoint is `/postquerypublic`. **Recommendations** Institute-of-Current-Students version 1.0: Sanitize user input for the `email` parameter in the `/postquerypublic` endpoint to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** CloudClassroom-PHP-Project version 1.0 **Description** The issue allows unauthenticated attackers to bypass authentication and gain administrative access due to SQL Injection in the loginlinkadmin.php file. The application fails to properly sanitize user inputs before constructing SQL queries, enabling an attacker to manipulate database queries via specially crafted payloads. **Recommendations** For CloudClassroom-PHP-Project version 1.0, consider implementing proper input sanitization to prevent SQL Injection attacks. As a temporary workaround, restrict access to the loginlinkadmin.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.