Raif Berkay Dincel

**Name of the Vulnerable Software and Affected Versions** Craft CMS version 3.0.25 **Description** The issue allows for cross-site scripting (XSS) by saving a new title from the console tab, specifically through the "index.php?p=admin/actions/entries/save-entry" endpoint. **Recommendations** For Craft CMS version 3.0.25, as a temporary workaround, consider restricting access to the "index.php?p=admin/actions/entries/save-entry" endpoint until a patch is available. Avoid using this endpoint to save new titles from the console tab until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Airties 5444 version 1.0.0.18 Airties 5444TT version 1.0.0.18 **Description** The issue allows for cross-site scripting (XSS), which is a type of attack where an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Airties 5444 version 1.0.0.18, update to a newer version that addresses the XSS issue. For Airties 5444TT version 1.0.0.18, update to a newer version that addresses the XSS issue. As a temporary workaround, consider restricting user input to minimize the risk of XSS exploitation.