Yunaranyancat

**Name of the Vulnerable Software and Affected Versions** Quick 'n Easy FTP Service version 3.2 **Description** An unquoted service path issue allows local attackers to execute arbitrary code during service startup. By exploiting the misconfigured service binary path, attackers can inject malicious executables to gain elevated LocalSystem privileges during system boot or service restart. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Centreon version 22.04.0 **Description** The issue is related to a Cross Site Scripting (XSS) attack. It can be exploited from the function Pollers > Broker Configuration by adding a crafted payload into the `name` parameter. This allows for the execution of malicious scripts. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. Technical details about exploitation include the use of a crafted payload in the `name` parameter. The API endpoint `/centreon/main.get.php?p=60909` is involved, specifically the section where the "Add" button is clicked and the payload is entered in the "Name" section. **Recommendations** For Centreon version 22.04.0, as a temporary workaround, consider disabling the Pollers > Broker Configuration function until a patch is available. Restrict access to the `/centreon/main.get.php?p=60909` endpoint to minimize the risk of exploitation. Avoid using the `name` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Multi Restaurant Table Reservation System version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `Table Name` field in the "/dashboard/table-list.php" API endpoint. This allows for potential malicious script injection. **Recommendations** For sourcecodester Multi Restaurant Table Reservation System version 1.0, consider validating and sanitizing user input in the `Table Name` field to prevent XSS attacks. As a temporary workaround, restrict access to the "/dashboard/table-list.php" endpoint until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Multi Restaurant Table Reservation System version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `Made` field to the "/dashboard/menu-list.php" API endpoint. **Recommendations** For sourcecodester Multi Restaurant Table Reservation System version 1.0, consider restricting access to the "/dashboard/menu-list.php" endpoint until a fix is available. As a temporary workaround, avoid using the `Made` field in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Multi Restaurant Table Reservation System version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `food type` field in the "/dashboard/menu-list.php" API endpoint. This allows for potential malicious script injection. **Recommendations** For sourcecodester Multi Restaurant Table Reservation System version 1.0, consider restricting access to the "/dashboard/menu-list.php" endpoint until a fix is available, and avoid using the `food type` field in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Multi Restaurant Table Reservation System version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `Item Name` field to the "/dashboard/menu-list.php" API endpoint. This allows for malicious script execution. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For sourcecodester Multi Restaurant Table Reservation System version 1.0, consider validating and sanitizing user input for the `Item Name` field to prevent XSS attacks. As a temporary workaround, restrict access to the "/dashboard/menu-list.php" endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Multi Restaurant Table Reservation System version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the "Restaurant Name" field in the "/dashboard/profile.php" API endpoint. This allows for potential malicious script injection. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For sourcecodester Multi Restaurant Table Reservation System version 1.0, consider validating and sanitizing user input for the `Restaurant Name` field to prevent XSS attacks. As a temporary workaround, restrict access to the "/dashboard/profile.php" endpoint until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Multi Restaurant Table Reservation System version 1.0 **Description** The issue arises from the lack of input validation on the `table id` parameter in the file view-chair-list.php, allowing unauthenticated SQL Injection. An attacker can exploit this by sending malicious input in the GET request to "/dashboard/view-chair-list.php?table id=". **Recommendations** For Multi Restaurant Table Reservation System version 1.0, consider disabling the view-chair-list.php file or restricting access to the "/dashboard/view-chair-list.php" endpoint until a patch is available. Avoid using the `table id` parameter in the affected API endpoint until the issue is resolved.