Ahisec

**Name of the Vulnerable Software and Affected Versions** RPCMS version 3.0.2 **Description** A reflected cross-site scripting (XSS) issue was found in the Search function. This could potentially allow an attacker to inject malicious scripts into the website. **Recommendations** For RPCMS version 3.0.2, update to a version that fixes the reflected cross-site scripting issue in the Search function, or as a temporary workaround, consider restricting access to the Search function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RPCMS version 3.0.2 **Description** The issue allows attackers to arbitrarily change the password of any account due to a Cross-Site Request Forgery (CSRF). This means an attacker can trick a user into performing unintended actions on the web application. **Recommendations** For RPCMS version 3.0.2, consider implementing proper CSRF token validation to prevent unauthorized password changes. As a temporary workaround, restrict access to password change functionality until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** RPCMS version 3.0.2 **Description** The issue allows attackers to arbitrarily add an administrator account due to a Cross-Site Request Forgery (CSRF). This can be exploited by attackers to gain unauthorized access to the system. **Recommendations** For RPCMS version 3.0.2, consider disabling the functionality that allows adding administrator accounts until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.