Drxyj

**Nome do Software Vulnerável e Versões Afetadas** eyeo Adblock Plus versões anteriores a 4.36.3 **Descrição** Controles de acesso inadequados existem no componente Legacy Premium Activation, especificamente na função `postMessage()` do arquivo `premium.preload.js`. Isso permite a exploração remota por meio de manipulação, embora o caminho de código afetado faça parte de um fluxo de ativação depreciado. O servidor de licenciamento emite licenças experimentais de curta duração (aproximadamente 24 horas) para qualquer `userId` enviado, que expiram na próxima validação caso nenhuma assinatura válida seja encontrada. **Recomendações** Atualize o componente afetado para uma versão posterior a 4.36.2.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 11.6 **Description** A problematic issue affects the Picture Upload Handler component, specifically the file member.php, where the manipulation of the `oldpic` argument leads to denial of service. The attack can be initiated remotely. **Recommendations** For SeaCMS version 11.6, consider restricting access to the Picture Upload Handler component until a fix is available. As a temporary workaround, avoid using the `oldpic` argument in the affected file member.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Guest Management System version 1.0 **Description** A problematic issue has been found in the file dateTest.php of the component GET Parameter Handler. The manipulation of the `name` argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Guest Management System version 1.0, consider disabling the `dateTest.php` file or restricting access to the GET Parameter Handler component until a patch is available. Avoid using the `name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.