M19O

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.2.2 **Description** A cross-site scripting (XSS) issue was found in the Column Management component. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites. **Recommendations** For SSCMS version 7.2.2, consider disabling the Column Management component until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.2.2 **Description** A cross-site scripting (XSS) issue was found in the Content Management component. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites. **Recommendations** For SSCMS version 7.2.2, update to a version that fixes the XSS vulnerability in the Content Management component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.2.2 **Description** A stored cross-site scripting (XSS) issue was found in the Material Management component. This allows for malicious scripts to be stored and executed on the system. **Recommendations** For SSCMS version 7.2.2, update to a version that addresses the stored XSS vulnerability in the Material Management component. As a temporary workaround, consider restricting access to the Material Management component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LavaLite CMS version 9.0.0 **Description** The issue concerns Sensitive Data Exposure. **Recommendations** For LavaLite CMS version 9.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LavaLite CMS version 9.0.0 **Description** The issue concerns Sensitive Data Exposure. **Recommendations** For LavaLite CMS version 9.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LavaLite CMS version 9.0.0 **Description** The issue is related to a host header injection attack. This type of attack involves manipulating the host header in HTTP requests to potentially bypass security controls or access unauthorized resources. **Recommendations** For LavaLite CMS version 9.0.0, as a temporary workaround, consider restricting access to the `Host` header in incoming requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LavaLite CMS version 9.0.0 **Description** The issue is related to web cache poisoning. **Recommendations** For LavaLite CMS version 9.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MoveIt framework version 1.1.11 **Description** The issue concerns a cross-site scripting (XSS) flaw via the API authentication function. This allows for potential malicious script execution. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For MoveIt framework version 1.1.11, consider disabling the API authentication function as a temporary workaround until a patch is available. Restrict access to the authentication endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Nome do software vulnerável e versões afetadas: Versões do plugin All-in-One Video Gallery para WordPress anteriores à 2.5.0 Descrição: O problema decorre da falta de sanitização e validação do parâmetro `tab`, que é utilizado em uma instrução `require` no painel de administração. Isso leva a um problema de inclusão de arquivo local. Recomendações: Para versões anteriores à 2.5.0, atualize para a versão 2.5.0 ou posterior para resolver o problema.