Sprig · CVE-2025-49136
**Name of the Vulnerable Software and Affected Versions**
Listmonk versions 4.0.0 through 5.0.2
**Description**
Listmonk is a standalone, self-hosted newsletter and mailing list manager. The `env` and `expandenv` template functions, which Sprig enables by default, let templates read environment variables on the host. This is of little concern on single-user installations, but on multi-user installations a non-super-admin user with campaign or template permissions can use the `{{ env }}` template expression to read sensitive environment variables.
**Recommendations**
For Listmonk versions 4.0.0 through 5.0.2, upgrade to version 5.0.2 to mitigate the issue. As a temporary workaround, disable the `env` and `expandenv` template functions in Sprig so that templates cannot read environment variables, and restrict who may use the `{{ env }}` template expression to minimize the risk of exploitation.
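An added Go example (not Listmonk's or Sprig's own code) showing the workaround above: strip `env` and `expandenv` from the function map before handing it to text/template, so any template that references them is rejected at parse time while other helpers keep working. It does not import Sprig; it models the two functions the way Sprig registers them (os.Getenv and os.ExpandEnv), and the environment variable name is a constructed one.

```go
package main

import (
	"fmt"
	"os"
	"strings"
	"text/template"
)

// insecureFuncMap models env and expandenv the way Sprig registers them (os.Getenv
// and os.ExpandEnv); it stands in for sprig.TxtFuncMap() so only stdlib is needed.
func insecureFuncMap() template.FuncMap {
	return template.FuncMap{
		"env":       os.Getenv,
		"expandenv": os.ExpandEnv,
		"upper":     strings.ToUpper, // harmless helper that must keep working
	}
}

// hardenFuncMap returns a copy of funcs without the environment-reading helpers;
// with the real library, pass sprig.TxtFuncMap() here before calling .Funcs().
func hardenFuncMap(funcs template.FuncMap) template.FuncMap {
	hardened := make(template.FuncMap, len(funcs))
	for name, fn := range funcs {
		hardened[name] = fn
	}
	for _, name := range []string{"env", "expandenv"} {
		delete(hardened, name)
	}
	return hardened
}

// render parses and executes a user-supplied body with funcs. With the hardened map
// a reference to env or expandenv is a Parse error (`function "env" not defined`).
func render(funcs template.FuncMap, body string) (string, error) {
	tmpl, err := template.New("campaign").Funcs(funcs).Parse(body)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	err = tmpl.Execute(&sb, nil)
	return sb.String(), err
}

func main() {
	os.Setenv("LISTMONK_DEMO_SECRET", "constructed-value") // constructed for the demo
	body := `{{ upper "hello" }} {{ env "LISTMONK_DEMO_SECRET" }}`
	out, err := render(hardenFuncMap(insecureFuncMap()), body)
	fmt.Printf("hardened: %q err=%v\n", out, err) // err: function "env" not defined
}
```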