Yasserreed

**Name of the Vulnerable Software and Affected Versions** Vanderlande Baggage 360 version 7.0.0 **Description** An issue exists in the processing of files within Vanderlande Baggage 360. Manipulation of the `Message` argument in the `/api-addons/v1/messages` API endpoint can lead to cross site scripting. This attack can be performed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A critical vulnerability has been found in the system, affecting an unknown part of the file `/rental/ajax.php?action=delete tenant` of the component POST Request Handler. The manipulation of the `id` argument leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `delete tenant` action in the `/rental/ajax.php` file until a patch is available. Restrict access to the `/rental/ajax.php?action=delete tenant` endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A problem has been found in the processing of the file /rental/ajax.php?action=save tenant. The manipulation of the `lastname`, `firstname`, and `middlename` arguments leads to cross-site scripting. The attack may be initiated remotely. Other parameters might also be affected. **Recommendations** For version 1.0, consider disabling the /rental/ajax.php?action=save tenant endpoint until a patch is available. Restrict access to the `lastname`, `firstname`, and `middlename` arguments in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown function of the file "/rental/ajax.php?action=delete user" of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. **Recommendations** For version 1.0, as a temporary workaround, consider disabling the `delete user` function in the "/rental/ajax.php?action=delete user" endpoint until a patch is available. Restrict access to the vulnerable POST Request Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.