63N0

**Name of the Vulnerable Software and Affected Versions** Zippy versions through 1.7.0 **Description** The software contains a flaw related to unrestricted file uploads, allowing the use of malicious files. This could potentially allow an attacker to compromise the system. **Recommendations** Update to a version later than 1.7.0.

**Name of the Vulnerable Software and Affected Versions** supsystic Contact Form versions through 1.7.35 **Description** The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-site Scripting (XSS). This allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerable component is susceptible to exploitation when processing user input during web page generation. **Recommendations** Update supsystic Contact Form to a version greater than 1.7.35.

**Name of the Vulnerable Software and Affected Versions** Seriously Simple Podcasting versions through 3.11.1 **Description** The software contains a flaw related to improper input handling during web page creation, which allows for Cross-site Scripting (XSS). This specific instance is a DOM-Based XSS issue. **Recommendations** Update Seriously Simple Podcasting to a version later than 3.11.1.

**Name of the Vulnerable Software and Affected Versions** Embed Any Document versions through 2.7.7 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) condition. This allows for Stored XSS attacks. The affected component is Embed Any Document. **Recommendations** Update to a version later than 2.7.7.

Name of the Vulnerable Software and Affected Versions: nanbu Welcart e-Commerce versions through 2.11.20 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-Site Scripting (XSS). Recommendations: Update nanbu Welcart e-Commerce to a version later than 2.11.20.

**Name of the Vulnerable Software and Affected Versions** Latest Post Shortcode versions through 14.0.3 **Description** The Latest Post Shortcode contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Latest Post Shortcode to a version later than 14.0.3.

**Name of the Vulnerable Software and Affected Versions** Tooltipy versions through 5.5.6 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Tooltipy to a version later than 5.5.6.

Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.2 Description: Deserialization of untrusted data in Groundhogg allows object injection. Recommendations: Update Groundhogg to a version later than 4.2.2.

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce versions through 2.11.16 Description: A deserialization of untrusted data issue exists in Welcart e-Commerce, allowing for object injection. Recommendations: Update Welcart e-Commerce to a version later than 2.11.16.

Name of the Vulnerable Software and Affected Versions: iFrame Block versions n/a through 0.1.1 Description: This issue involves improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) condition in Vikas Sharma iFrame Block. Successful exploitation of this issue could allow an attacker to inject malicious scripts into web pages viewed by other users. Recommendations: Update iFrame Block to a version later than 0.1.1.

**Name of the Vulnerable Software and Affected Versions** Kyle Gilman Videopack versions through 4.10.3 **Description** The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. **Recommendations** Update to a version later than 4.10.3.

**Name of the Vulnerable Software and Affected Versions** Groundhogg versions through 4.2.1 **Description** Groundhogg is susceptible to an unrestricted file upload issue that allows for the upload of a web shell to a web server. **Recommendations** Update Groundhogg to a version later than 4.2.1.

**Name of the Vulnerable Software and Affected Versions** nanbu Welcart e-Commerce versions through 2.11.16 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). This can potentially lead to the execution of malicious scripts in a user's browser. **Recommendations** Update nanbu Welcart e-Commerce to a version later than 2.11.16.