
Yulin Chen

Rank: #17731 of 53,632
Total CVSS: 15.2
Vulnerabilities: 2 (Medium: 1, Critical: 1)

PT-2025-41575 · CVSS 9.8 · 2025-10-10
Unknown · Computer Laboratory System · CVE-2025-60307

**Name of the Vulnerable Software and Affected Versions**
code-projects Computer Laboratory System version 1.0

**Description**
The software contains a SQL injection flaw. Specifically, providing a universal password in the `Password` field on the login page allows bypassing authentication. The affected API endpoint is the login page. The vulnerable parameter is `Password`.

**Recommendations**
Apply a fix to sanitize user input for the `Password` field on the login page to prevent SQL injection.

PT-2025-37996 · CVSS 5.4 · 2025-09-16
Code Projects · Human Resource Integrated System · CVE-2025-56293

**Name of the Vulnerable Software and Affected Versions**
code-projects Human Resource Integrated System version 1.0

**Description**
The Human Resource Integrated System is susceptible to Cross Site Scripting (XSS) attacks. This issue affects the Add Child Information section, specifically within the `Childs Name` field, and the Add Parent Information section, specifically within the `Father Firstname` field.

**Recommendations**
As a mitigation, sanitize all user inputs in the `Childs Name` field within the Add Child Information section. As a mitigation, sanitize all user inputs in the `Father Firstname` field within the Add Parent Information section.