Carlcj

#20592 of 53,624
12.3 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2018-9603 · CVSS 4.8 · 2018-12-27
Peel · Peel Shopping · CVE-2018-1000887
Name of the Vulnerable Software and Affected Versions: peel-shopping 9 1 0 version
Description: The issue allows an authenticated user to inject JavaScript code into the `Site Name EN` parameter, resulting in a Cross Site Scripting (XSS) issue. This can be exploited if the malicious user has access to the administration account.
Recommendations: For peel-shopping 9 1 0 version, avoid using the `Site Name EN` parameter until the issue is resolved. As a temporary workaround, consider restricting access to the administration account to minimize the risk of exploitation.

PT-2018-9605 · CVSS 7.5 · 2018-12-27
Frontaccounting · Frontaccounting · CVE-2018-1000890
Name of the Vulnerable Software and Affected Versions: FrontAccounting version 2.4.5
Description: The issue concerns a Time Based Blind SQL Injection that affects the `filterType` parameter in the "/attachments.php" API endpoint. This can potentially allow an attacker to access the entire database of the application.
Recommendations: For FrontAccounting version 2.4.5, consider restricting access to the "/attachments.php" endpoint until a patch is available. As a temporary workaround, avoid using the `filterType` parameter in the affected endpoint to minimize the risk of exploitation.