An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.

Nokia

**Vulnerable software**

NetAct v 20.1

**Severity level**

Severity level: Medium  
Impact: Cross Site Template Injection (CSTI)  
Access Vector: Remote  

CVSS v3.1  
Base Score: 5,0  
Vector: (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:L)

CVE-2023-26060

**Vulnerability description:**

Input validation was missing while creating the working set, in working set manager application. Nokia NetAct users can create a Working Set with a name that injects a client-side template Injection payloads. The attack can only be performed by an internal user. The vulnerability is fixed in NetAct 22 FP2211 and onwards.

**Advisory status**

10.10.2022 - Vendor gets vulnerability details

**Credits**

The vulnerability was detected by Vladimir Razov and Aleksandr Ustinov (Positive Technologies)

CVE-2023-26060: PT-2022-04: Cross Site Template Injection (CSTI)

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.

    # Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)# Date: 2023-04-02# Exploit Author: Rahad Chowdhury# Vendor Homepage:https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html# Software Link:https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip# Version: 1.0# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53# CVE: CVE-2023-29848*Steps to Reproduce:*1. First login to your admin panel.2. then go to Menu section and click add new menu from group.your request data will be:POST /bangresto/admin/menu.php HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/111.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 87Origin: http://127.0.0.1Referer: http://127.0.0.1/bangresto/admin/menu.phpCookie: PHPSESSID=2vjsfgt0koh0qdiq5n6d17utn6Connection: closeitemName=test&itemPrice=1&menuID=1&addItem=3. Then use any XSS Payload in "itemName" parameter and click add.4. You will see XSS pop up.

CVE-2023-29848: Bang Resto 1.0 Cross Site Scripting ≈ Packet Storm

In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.

Tenda AC15 Unauthorized stack overflow vulnerability

****1\. Affected version:****

US\_AC15V1.0BR\_V15.03.05.19

****2\. Firmware download address****

资料下载\_腾达(Tenda)官方网站

****3\. Vulnerability details****

The function "xkjs\_ver32" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.

**5\. Author**

范启航 220579866

CVE-2023-30372: Tenda/10.md at main · 2205794866/Tenda

Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5393-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 22, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136                  CVE-2023-2137Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 112.0.5615.138-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmREBtkACgkQEMKTtsN8TjZHjA//Xt54GrjHMIT1eis48gYiXhfhUxNl1MiA4eeSYFJuidwGLoZbG8AGmT+2OHUvwjOCiJ4RHV06fnpPuftn95Q9Ehz79WkNeeZSIKCuZPeNK6u6c2LZv3enU3ojFejG5y6k/L6kwBx7VUPNnvraZVZcB0zwbL/f9B5wXgAwluxqynyX3vZBPRjTsJATLQs/PMhx7wWVFXspQjIm6+9bVySuNEsIUTIsDNnRlLnSVler3THdcmlHLBVDU1Qb3CIN6bAzDDnJSOUQIHWKIPLSr84ygeT6n0/eeC7qzqJ4WvG7TKhsyXrH1z+XzRdMFajVDrOhYmofmRG4WgyXibcOfi0eR7aEahNVG4aLZlP+hZvKDlDrSJ5kzI8IH4NaXZid9IGZaOXvxKaTOsKaBuC3uHDlWny1aU5MBb/itSeYbXmNVzIip7BJ10wG9rjaQ4d6VEbrMDEEWy5rqP1PUexW5wNDAwNhMHhV2pgPHnDzkC3ScQM6uN4X2vxs58oGMaSsjqjYpR5MOIEoh2SnNdz4NDXxjP8+bdpOu7MOIh4nYBC/zcWf84DgeMq1tv3RR2LDXfwdMZyxlZc7thPvtZhXfUsDJRX38LD0S0B4JR1ERRqYerpj3ixAuOk6OyyJA0CcdiI1Yave1rFGzjzitxYkpgYG+uRYa/GWgDOuG1Ebbk6R2cE==vqQn-----END PGP SIGNATURE-----

Debian Security Advisory 5393-1

Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:1931-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1931  
Issue date:        2023-04-24  
CVE Names:         CVE-2023-28617   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

aarch64:  
emacs-26.1-7.el8_6.1.aarch64.rpm  
emacs-common-26.1-7.el8_6.1.aarch64.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-debugsource-26.1-7.el8_6.1.aarch64.rpm  
emacs-lucid-26.1-7.el8_6.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-nox-26.1-7.el8_6.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-7.el8_6.1.noarch.rpm

ppc64le:  
emacs-26.1-7.el8_6.1.ppc64le.rpm  
emacs-common-26.1-7.el8_6.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-debugsource-26.1-7.el8_6.1.ppc64le.rpm  
emacs-lucid-26.1-7.el8_6.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-nox-26.1-7.el8_6.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.ppc64le.rpm

s390x:  
emacs-26.1-7.el8_6.1.s390x.rpm  
emacs-common-26.1-7.el8_6.1.s390x.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-debugsource-26.1-7.el8_6.1.s390x.rpm  
emacs-lucid-26.1-7.el8_6.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-nox-26.1-7.el8_6.1.s390x.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.s390x.rpm

x86_64:  
emacs-26.1-7.el8_6.1.x86_64.rpm  
emacs-common-26.1-7.el8_6.1.x86_64.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-debugsource-26.1-7.el8_6.1.x86_64.rpm  
emacs-lucid-26.1-7.el8_6.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-nox-26.1-7.el8_6.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
emacs-26.1-7.el8_6.1.src.rpm

noarch:  
emacs-filesystem-26.1-7.el8_6.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEYnQtzjgjWX9erEAQjH3w//bWrgMmx4RYmB43o0HZrDlzViBA9LdE7v  
INgXKCdUkzbfl8YflwRIijqn0ENNvUUHeluGwfFQiPmH5mwVpFhvSoLkoyQXBVHx  
i2Z3r6EGhGrMFYZ8FOj24bZNZZkqqRrYPcFymPTQPE/soAMOERVsGdy/nLATcvpO  
I/NblcjcNqWe1VepT3V1i5gwlWOa22OfnJUh9e05LSWkVg/9Gxl2AVcTN9Y2s1jw  
9tg7nJZA/bs2sDbbLawjxPLoNszJlxZAZlITRXVCKGrvutnhqTxFGWOx4fvnQWEa  
3xLz4nLGCr+sXyHu6Q4mjLEK40b74daY80roFfk++fuDuo5dZQIvh/J04tp9oTh2  
1TEBD8INRSC+dEBiDB4ZfuwQvX1C5zn8aFFURluuXFNILsnWbC5crNdtetw75JCS  
4UnRiJnp07XI+Y9ASlf+tIP+r9zqny5KRzrpCTKL+GZ1XzQczkLdP3n2TrMQx2/I  
M9/WFo7ASfLOxsRobk3ddPJd5iGoxyzA4SnU6Cq5utmF8Xl08ZXDCLtXx+GorDH6  
QZdDvUxLUX+PewJZqEmw6R7MfEamt9ORePcsnA/Yemt7tSjSJy8+AI0T/WdHfLHd  
7hqgcbbb/kWyNFWiXEA9td+pkyhphuDDw7x/QDdKHgHJXK23NQvDpmTxg8OH3zGO  
i7gZUc/hfDI=  
=7r7b  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1931-01

Red Hat Security Advisory 2023-1816-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update  
Advisory ID:       RHSA-2023:1816-01  
Product:           RHODF  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1816  
Issue date:        2023-04-17  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4304   
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-40897   
                   CVE-2022-41717 CVE-2022-45061 CVE-2022-48303   
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-23916   
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat  
OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat  
Container Registry.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated  
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat  
OpenShift Data Foundation is a highly scalable, production-grade persistent  
storage for stateful applications running in the Red Hat OpenShift  
Container Platform. In addition to persistent storage, Red Hat OpenShift  
Data Foundation provisions a multicloud data management service with an S3  
compatible API.

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [backport 4.12] s3 sync directory to a bucket fails with Internal Error  
in between the upload operation (BZ#2170416)

* [4.12 clone] [Noobaa] Secrets are used in env variables (BZ#2171968)

* [Backport to 4.12.z] Placeholder bug to backport the odf changes for  
Managed services epic RHSTOR-2442  to 4.12.z (BZ#2174335)

* [ODF 4.12] Missing the status-reporter binary causing pods  
"report-status-to-provider" remain in CreateContainerError on ODF to ODF  
cluster on ROSA (BZ#2179978)

* [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2  
noticed 2 token-exchange-agent pods on managed clusters and one of them on  
CBLO (BZ#2183198)

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests  
2171968 - [4.12 clone] [Noobaa] Secrets are used in env variables  
2174335 - [Backport to 4.12.z] Placeholder bug to backport the odf changes for Managed services epic RHSTOR-2442  to 4.12.z  
2175365 - [4.12.z] Upgrade from 4.12.0 to 4.12.1 doesn't work  
2179978 - [ODF 4.12] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA  
2183198 - [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2 noticed 2 token-exchange-agent pods on managed clusters and one of them on CBLO  
2186455 - Include at ODF 4.12 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-4450  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEOpudzjgjWX9erEAQgudA//c1DhcceGIufqRhheeM1fMJLx1pr8aS5C  
fVkwxXyNVip1BZta1fwLstIPEcbNG1Q3xCnjVmDqjxkG4sPh7HdkzmtIVdt9JSBX  
3TKSqHUMtP7m1dtlP8xg2fyQ8Om7Ki9xE6KCkijR3TwDZMZOkFtRg6D9MbSPT7+s  
3tvq+vEQ2HVr13KEdMC7kSSyvZsqLgCT3LcURFxn/rZipGy+DDJeK8uGhMe2uF43  
QPsYBb0qhm2s6T+6QWhBPahOgDxqCtP8KSgO6RNuieubL/E+wr+sV8LBXkrPZ71N  
QT6MEY7R8x5Af7+04t0INnFg2Bqo+eJPLPgLGpTqFtJeoDm0HAeqliHgv7SFqex5  
FPArRIPPgzjjEFASv4dr1r4WKAr9PWaGCrFE4OZM2m5ibQi//SWJuEn1719T5WDf  
+BGCJ8UfOWOX3J385rECIm2r0ZL5yPq2XBoPJUEcA0I0YSswlOjD6V6ovaROSNrh  
NU2eA/xSj4vwDTEC+FojZAeL1IT7uAFUJCYMq+zcyqTFRE+C7tDo8zcnVuJVhHq2  
xhezfIlbgBbcEHr5omqVp4utqDSCfYfhoGFxUJtW07iEJmq01R9lPsNbdVQsAGW4  
8/Xt+P4wU6LIYNcAM4S5yxMy2KMN/rDKwoxSljg4I6dM8uWUJAF2iaGA1+T2dKq5  
GfmMJLVuC8A=  
=MYP7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1816-01

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-29570: SEGV src/mjs_ffi.c:982:24 in mjs_ffi_cb_free · Issue #240 · cesanta/mjs

All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected. 

**Prototype Pollution in sheetJS**

Moderate severity GitHub Reviewed Published Apr 24, 2023 to the GitHub Advisory Database • Updated Apr 24, 2023

GHSA-4r6h-8v6p-xvw6: Prototype Pollution in sheetJS

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.

Submitted by oretnom23 on Wednesday, March 15, 2023 - 14:32.

This simple project is entitled **Medicine Tracker System**. It is a web-based application that was developed using **PHP** and **MySQL Database**. The project allows the users to keep notes about their daily medication to easily track it. It has a simple and pleasant user interface with the help of a **Material-Kit** template. It consists of multiple user-friendly features and functionalities.

****How does the Medicine Traker System work?****

The **Medicine Tracker System** is a sort of scheduling and note web application that can store the schedule of medicines of multiple users. Here, users can simply register for the application and manage their daily medication schedule. The system list all the medicine that the user need to take on the current date and at a specific time.

The system was mainly developed to provide students and beginners with a reference or source code to start with for building a wide-scope **Medicine Tracker System** or **web application**.

****Features and Functionalities****

Here are the features and functionalities of this **Medicine Tracker System**:

*   **Website Portal**
    *   **Home Content**
    *   **About Us Content**
*   **Login and Registration**
*   **Dashboard**
    *   **List of Today's Scheduled Medicine**
*   **Medicine Management**
*   **Medicine Schedule Management**
*   **Manage Account Details**
*   **Logout**

****What are the Technologies used?****

I used the following technologies for building this simple **Medicine Tracker System**:

*   **XAMPP**
*   **VS CODE**
*   **PHP**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JS**
*   **jQuery**
*   **Ajax**
*   **Material-Kit Template**
*   **Material-UI Icon**

****Snapshots****

Here are some of the project's pages and content snapshots.

****Portal Page****

****Login Form****

****Registration Form****

****Dashboard Content****

****Medicine List Page****

****Schedule Medicine Details****

The **Medicine Tracker System** project source code zip file is provided on this website and it is free to download. Feel free to download and modify the source code the way you wanted. The download button is located below this article's content.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** named ****mts\_db****.
6.  **Import** the provided ****SQL**** file. The file is known as ****mts\_db.sql**** located inside the **database** folder.
7.  **Browse** the **Medicine Tracker System** in a **browser**. i.e. ****http://localhost/php-mts/****.

****Sample User Access****

Username: **mcooper**  
Password: **mcooper123**

****DEMO VIDEO****

That's it! I hope this **Medicine Tracker System in PHP (OOP) and MySQL DB Source Code** will help you with what you are looking for and that you'll find something useful for your current and future PHP Projects.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

**Enjoy =)**

*   2334 views

CVE-2023-30458: Medicine Tracker System in PHP (OOP) and MySQL DB Source Code Free Download

SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file.

  
**Summary**  
All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.**Categorization**  
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N (Score 5.3 - Medium)

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') \[1\]

**Affected Products**  
All releases of SheetJS Community Edition up to version 0.19.2 are affected. This includes:

*   scripts and modules on the SheetJS CDN through version 0.19.2 \[2\]
*   modules published with the name \`xlsx\` on npmjs.com \[3\]
*   scripts on third-party CDNs that pull from the \`xlsx\` package on npmjs.com \[4\] \[5\]
*   modules published with the name \`sheetjs\` on deno.land \[6\]

  
**Remediation**  
Users should upgrade to version 0.19.3 or later. Official releases are available on the SheetJS CDN \[2\]. SheetJS CE documentation includes installation instructions for common deployments \[7\].**Acknowledgements**  
Special thanks to Vsevolod Kokorin of SolidLab for reporting the issue to us.**Links**  

1.  https://cwe.mitre.org/data/definitions/1321.html
2.  https://cdn.sheetjs.com
3.  https://www.npmjs.com/package/xlsx
4.  https://cdnjs.com/libraries/xlsx/
5.  https://www.jsdelivr.com/package/npm/xlsx/
6.  https://deno.land/x/sheetjs/
7.  https://docs.sheetjs.com/docs/getting-started/

Tag

#js