Thebugbountyhunter7

**Name of the Vulnerable Software and Affected Versions** Facepay version 1.0 **Description** A critical issue has been found in the software, affecting an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the `userId` argument leads to authorization bypass. This issue can be exploited remotely. **Recommendations** For Facepay version 1.0, as a temporary workaround, consider restricting access to the /face-recognition-php/facepay-master/camera.php file until a patch is available. Avoid using the `userId` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Cold Storage Management System version 1.0 **Description** A vulnerability was found in the component Add New Storage Handler, where the manipulation of the `Name` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester Simple Cold Storage Management System version 1.0, consider restricting access to the Add New Storage Handler component until a patch is available. As a temporary workaround, avoid using the `Name` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Cold Storage Management System version 1.0 **Description** A vulnerability was found in the Avatar Handler component, affecting the file /csms/admin/?page=user/manage user. This issue leads to unrestricted upload and can be initiated remotely. The manipulation affects some unknown processing of the file. **Recommendations** For version 1.0, consider disabling the Avatar Handler component until a patch is available to prevent unrestricted upload. Restrict access to the /csms/admin/?page=user/manage user file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.