Xyntax

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.0.5 **Description** The issue allows remote attackers to conduct PHP Object Injection attacks. This is achieved by sending crafted serialized data in a salt cookie within a login request to the `includes/classes/ia.core.users.php` file. **Recommendations** For Subrion CMS version 4.0.5, as a temporary workaround, consider restricting access to the `includes/classes/ia.core.users.php` file until a patch is available. Avoid using the salt cookie in the affected login request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeniXCMS versions prior to 0.0.9 **Description** A cross-site scripting (XSS) issue exists in the user prompt function, allowing remote authenticated users to inject arbitrary web script or HTML via tag names. **Recommendations** For versions prior to 0.0.9, update to version 0.0.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zikula versions 1.3.x through 1.3.10 Zikula versions 1.4.x through 1.4.3 **Description** A directory traversal issue in the file "jcss.php" allows a remote attacker to launch a PHP object injection by uploading a serialized file. **Recommendations** For Zikula versions 1.3.x through 1.3.10, update to version 1.3.11 or later. For Zikula versions 1.4.x through 1.4.3, update to version 1.4.4 or later.