Alyssa-O-Herrera

**Name of the Vulnerable Software and Affected Versions** Shimmie 2 version 2.6.0 **Description** The issue allows an attacker to upload a crafted SVG file, enabling stored XSS. **Recommendations** For Shimmie 2 version 2.6.0, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pluck versions prior to 4.7.5 **Description** A stored cross-site scripting issue allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. **Recommendations** For versions prior to 4.7.5, update to version 4.7.5 or later to resolve the issue.