
Hi-Kk

#19461 of 53,633
13.6 total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2017-13093
6.1
2017-08-30
Fiyo · Fiyo Cms · CVE-2017-13778
**Name of the Vulnerable Software and Affected Versions**
Fiyo CMS version 2.0.7

**Description**
The issue concerns a cross-site scripting (XSS) problem. It is related to the `site name` parameter in the `/dapur/apps/app config/sys config.php` endpoint.

**Recommendations**
For Fiyo CMS version 2.0.7, update the `sys config.php` file to properly sanitize the `site name` parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the `/dapur/apps/app config/sys config.php` endpoint until a patch is available.

PT-2017-13096
7.5
2017-08-30
Eyesofnetwork · Eyesofnetwork · CVE-2017-13780
**Name of the Vulnerable Software and Affected Versions**
EyesOfNetwork web interface (aka eonweb) versions 5.1-0

**Description**
The issue allows directory traversal attacks, enabling the reading of arbitrary files. This is achieved via the `file` parameter in the `module/admin conf/download.php` API endpoint.

**Recommendations**
For EyesOfNetwork web interface (aka eonweb) versions 5.1-0, consider restricting access to the `module/admin conf/download.php` API endpoint until a patch is available. As a temporary workaround, avoid using the `file` parameter in this endpoint to minimize the risk of exploitation.