Faiz Ahmed Zaidi

Researcher at Provensec LLC
#23827 of 53,639
9.9 total CVSS
Vulnerabilities · 2
Medium
2
PT-2017-19068
5.4
2017-07-17
Blackcat · Blackcat Cms · CVE-2017-9609
**Name of the Vulnerable Software and Affected Versions**
Blackcat CMS version 1.2

**Description**
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the `map_language` parameter to `backend/pages/lang_settings.php`.

**Recommendations**
For Blackcat CMS version 1.2, avoid using the `map_language` parameter in the `backend/pages/lang_settings.php` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `backend/pages/lang_settings.php` page to minimize the risk of exploitation.

PT-2017-18305
4.5
2017-05-16
Admidio · Admidio · CVE-2017-8382
**Name of the Vulnerable Software and Affected Versions**
admidio version 3.2.8

**Description**
The issue allows for Cross-Site Request Forgery (CSRF) in the `adm_program/modules/members/members_function.php` file, which can lead to the deletion of arbitrary user accounts.

**Recommendations**
For admidio version 3.2.8, consider disabling the `members_function.php` file or restricting access to it until a patch is available to prevent the deletion of user accounts.