Tutuba

**Name of the Vulnerable Software and Affected Versions** Sparksuite SimpleMDE versions up to 1.11.2 **Description** A problematic vulnerability was found in Sparksuite SimpleMDE, affecting an unknown part of the component iFrame Handler. The manipulation leads to cross-site scripting and can be initiated remotely. **Recommendations** For versions up to 1.11.2, update to a version later than 1.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the iFrame Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simple Design Daily Journal version 1.012.GP.B **Description** A vulnerability has been found in the SQLite Database component, leading to cleartext storage in a file or on disk. The manipulation can be launched on the local host. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.012.GP.B, consider restricting access to the SQLite Database component to minimize the risk of exploitation. As a temporary workaround, avoid using the SQLite Database functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medical Certificate Generator App version 1.0 **Description** The issue is related to a lack of protection against SQL query structure exploitation in the action.php script of the Medical Certificate Generator App. This allows a remote attacker to execute arbitrary SQL code by manipulating the `lastname` argument, leading to a SQL injection attack. **Recommendations** For SourceCodester Medical Certificate Generator App version 1.0, consider disabling the `action.php` script or restricting access to it until a patch is available to prevent SQL injection attacks. Additionally, avoid using the `lastname` argument in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Calendar Event Management System version 2.3.0 **Description** A critical issue was found in the system, affecting an unknown part. The manipulation of the `start` and `end` arguments leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Calendar Event Management System version 2.3.0, consider restricting access to the SQL database to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `start` and `end` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Calendar Event Management System version 2.3.0 **Description** A critical issue affects the Login Page component of the system, where the manipulation of the `name` and `pwd` arguments leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Calendar Event Management System version 2.3.0, consider restricting access to the Login Page until a fix is available. As a temporary workaround, avoid using the `name` and `pwd` arguments in the login process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hospital Management System version 1.0 **Description** The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the `Username` and `Password` parameters on the Login page, specifically the '/login' API endpoint. **Recommendations** For Hospital Management System version 1.0, consider temporarily disabling the login functionality until a patch is available. Restrict access to the login page to minimize the risk of exploitation. Avoid using the `Username` and `Password` parameters in the affected login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kirby's Starterkit version 3.7.0.2 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Tags` field. **Recommendations** For version 3.7.0.2, consider disabling the Tags field until a patch is available to prevent exploitation. Restrict access to the Tags field to minimize the risk of arbitrary script execution. Avoid using the `Tags` field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.