
Yllxx03

#20105 of 53,633
12.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2024-34374
7.5
2024-11-15
Unknown · Python Food Ordering System · CVE-2024-50647
Name of the Vulnerable Software and Affected Versions: Python Food Ordering System version V1.0
Description: The Python Food Ordering System has an unauthorized access vulnerability that leads to the leakage of sensitive user information. Attackers can reach the "https://ip:port/api/myapp/index/user/info?id=1" API endpoint and modify the `id` value to obtain sensitive user information they are not authorized to see.
Recommendations: For version V1.0, as a temporary workaround, consider restricting access to the "/api/myapp/index/user/info" API endpoint until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-34383
5.4
2024-11-15
Emlog Pro · Emlog Pro · CVE-2024-50655
Name of the Vulnerable Software and Affected Versions: emlog pro versions 2.3.18 and earlier
Description: The issue allows attackers to write malicious JavaScript code in published articles, potentially leading to Cross-Site Scripting (XSS) attacks.
Recommendations: For emlog pro versions 2.3.18 and earlier, update to a version later than 2.3.18 to resolve the issue.