Tht1997

**Name of the Vulnerable Software and Affected Versions** Pimcore Admin Classic Bundle versions prior to 1.2.0 **Description** A cross-site scripting issue has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. This can be achieved by uploading a malicious file, such as a PDF with an XSS payload, to the `/admin` area of the application, specifically through the "Documents" section by going to home, clicking on Sample Content, and then clicking on the Document folder. **Recommendations** For versions prior to 1.2.0, upgrade to version 1.2.0 to receive a patch. As a temporary workaround for versions prior to 1.2.0, apply the patch manually.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue has been discovered, affecting an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the `id` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider restricting access to the `items/view.php` file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected GET Parameter Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.