
Lemon666

#20390 of 53,625
12.6 CVSS total
Vulnerabilities · 2
Medium · 2
PT-2019-7917
6.5
2019-05-09
Metinfo · Metinfo · CVE-2017-12790
**Name of the Vulnerable Software and Affected Versions**
Metinfo version 5.3.18

**Description**
The issue allows for Information Disclosure through a remote attack vector. It involves a Cross Site Request Forgery (CSRF) attack, where the administrator clicks on a malicious link while in a logged-in state. The vulnerable component is the admin/index.php file.

**Recommendations**
For Metinfo version 5.3.18, as a temporary workaround, consider restricting access to the admin/index.php file until a patch is available. Avoid clicking on suspicious links while logged in to the administrator account to minimize the risk of exploitation.
PT-2017-12219
6.1
2017-07-30
Modx · Modx Revolution · CVE-2017-11744
**Name of the Vulnerable Software and Affected Versions**
MODX Revolution version 2.5.7

**Description**
The issue concerns the System Settings module, where the `key` and `name` parameters are susceptible to XSS attacks. When a malicious payload is sent to the "connectors/index.php" endpoint, it will be triggered for every user visiting this module.

**Recommendations**
For MODX Revolution version 2.5.7, consider restricting access to the System Settings module until a fix is available, and avoid using the `key` and `name` parameters in the affected module to minimize the risk of exploitation.