4Everwlo

**Name of the Vulnerable Software and Affected Versions** PluXml versions 5.8.16 and lower **Description** A remote code execution issue in the /PluXml/core/admin/parametres edittpl.php component allows attackers to execute arbitrary code by injecting a crafted payload into a template. **Recommendations** For PluXml versions 5.8.16 and lower, consider disabling access to the /PluXml/core/admin/parametres edittpl.php component until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Maccms10 version 2024.1000.4040 **Description** A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. **Recommendations** For Maccms10 version 2024.1000.4040, consider disabling the Add Scheduled Task module until a patch is available to prevent exploitation of the stored XSS vulnerability.