
Zhonghaozhao

#18240 of 53,639
14.9 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2017-11420
6.1
2017-06-29
Zen Cart · Zen Cart · CVE-2017-10667
**Name of the Vulnerable Software and Affected Versions**
Zen Cart version 1.6.0

**Description**
The issue is related to a potential XSS problem. In the `index.php` file, the `products id` parameter can cause XSS.

**Recommendations**
For Zen Cart version 1.6.0, avoid using the `products id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2017-19214
8.8
2017-06-24
Winmail · Winmail Server · CVE-2017-9846
**Name of the Vulnerable Software and Affected Versions**
Winmail Server version 6.1

**Description**
The issue allows remote code execution by authenticated users. This is achieved through directory traversal in a `netdisk.php` `move folder file` call, enabling the movement of a `.php` file from the FTP folder into a web folder.

**Recommendations**
For Winmail Server version 6.1, update to a version that fixes this issue, as the current version allows for remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.