Sourcecodester · Sourcecodester Enrollment System Project · CVE-2023-33584
**Name of the Vulnerable Software and Affected Versions**
Sourcecodester Enrollment System Project version V1.0
**Description**
The login process is vulnerable to SQL injection (SQLi). The application fails to properly validate user-supplied input in the `username` and `password` fields, so an attacker can inject malicious SQL code and manipulate the queries the application executes.
**Recommendations**
For Sourcecodester Enrollment System Project version V1.0, consider implementing proper input validation and sanitization for the `username` and `password` fields to prevent SQL injection attacks. As a temporary workaround, restrict access to the login functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
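
One way to apply the recommendation above, as an added example that is not the project's code: allowlist validation of the login fields backed by a bound-parameter query, shown in Python with `sqlite3` as a stand-in for the application's database layer. The table schema, function names, username policy and password length limit are assumptions.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Assumed policy: usernames are 3-32 chars of letters, digits, '.', '_' or '-'.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")
MAX_PASSWORD_LEN = 128  # assumed upper bound, caps the cost of hashing


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def add_user(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))


def lookup_user(db: sqlite3.Connection, username: str):
    """Parameterized query: the driver binds username as data, never as SQL text."""
    return db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()


def login(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Layer 1: allowlist validation rejects malformed input before it reaches the database.
    if not USERNAME_RE.fullmatch(username) or not 0 < len(password) <= MAX_PASSWORD_LEN:
        return False
    # Layer 2: bound parameter; the password itself is never placed in the query.
    row = lookup_user(db, username)
    if row is None:
        return False
    salt, stored = row
    # Compare salted hashes in constant time instead of matching passwords in SQL.
    return hmac.compare_digest(stored, hash_password(password, salt))
```

Validation alone is brittle, so the bound parameter in `lookup_user` is what guarantees that quote characters in either field are treated as literal data even if the allowlist is loosened later.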