Abuvanth

#18230 of 53,635
14.9 CVSS total
Vulnerabilities · 2
Medium · 1
High · 1
PT-2018-13628
8.8
2018-09-05
Micropyramid · Django Crm · CVE-2018-16552
**Name of the Vulnerable Software and Affected Versions**
MicroPyramid Django-CRM version 0.2

**Description**
The issue allows for CSRF attacks on specific API endpoints, including `/users/create/`, `/users/##/edit/`, and `/accounts/##/delete/`. This could potentially lead to unauthorized actions being performed on the application.

**Recommendations**
For MicroPyramid Django-CRM version 0.2, as a temporary workaround, consider implementing CSRF protection measures for the affected API endpoints, such as `/users/create/`, `/users/##/edit/`, and `/accounts/##/delete/`, until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation.
PT-2018-9833
6.1
2018-04-24
Phpipam · Phpipam · CVE-2018-10329
**Name of the Vulnerable Software and Affected Versions**
phpIPAM version 1.3.1

**Description**
The issue concerns a Reflected XSS in the `/tools/mac-lookup/` endpoint via the `mac` parameter. This allows for potential malicious script injection and execution.

**Recommendations**
For phpIPAM version 1.3.1, consider restricting access to the `/tools/mac-lookup/` endpoint until a patch is available. As a temporary workaround, avoid using the `mac` parameter in the affected endpoint to minimize the risk of exploitation.