Aggressiveuser

**Name of the Vulnerable Software and Affected Versions** qdPM version 9.2 **Description** The issue allows Cross-Site Request Forgery (CSRF) via the "index.php/myAccount/update" URI. This means an attacker can trick a user into performing unintended actions on the web application. **Recommendations** For qdPM version 9.2, as a temporary workaround, consider restricting access to the "index.php/myAccount/update" URI until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** mineweb/minewebcms versions prior to next **Description** The issue is related to Cross-site Scripting (XSS) - Stored. This means that an attacker can inject malicious scripts into the website, which will be executed by other users' browsers. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For versions prior to next, update to the next version to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** microweber/microweber versions prior to 1.2.11 **Description** The issue is related to OS Command Injection in the microweber/microweber content management system. This system features drag and drop functionality. **Recommendations** For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue.