Anh91

**Name of the Vulnerable Software and Affected Versions** Badaso versions 0.0.1 through 2.9.7 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `Name of member` parameter in the `add new member` function. This enables the execution of arbitrary code, potentially leading to further malicious activities. **Recommendations** For Badaso versions 0.0.1 through 2.9.7, consider restricting access to the `add new member` function until a patch is available. As a temporary workaround, avoid using the `Name of member` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Badaso versions 0.0.1 through 2.9.7 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `rack number` parameter in the `add new rack` function. This enables the attacker to perform Cross Site Scripting attacks. **Recommendations** For Badaso versions 0.0.1 through 2.9.7, consider disabling the `add new rack` function until a patch is available to prevent exploitation via the `rack number` parameter. Restrict access to this function to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Badaso version 2.9.7 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted payload to the `title` parameter in the new book and edit book function. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For Badaso version 2.9.7, consider disabling the `title` parameter in the new book and edit book functions until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Zenario CMS version 9.4 **Description** A stored cross-site scripting (XSS) vulnerability in the Create function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Menu navigation text field`. This enables attackers to potentially manipulate the website's behavior or steal user data. **Recommendations** For Zenario CMS version 9.4, consider disabling the Create function until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Menu navigation text field to minimize the risk of malicious payload injection.

**Name of the Vulnerable Software and Affected Versions** Badaso version 2.9.7 **Description** A stored cross-site scripting (XSS) issue in the Add Tag function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Title` parameter. **Recommendations** For Badaso version 2.9.7, consider disabling the Add Tag function until a patch is available to prevent exploitation. Restrict access to the Title parameter in the Add Tag function to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Badaso version 2.9.7 **Description** A stored cross-site scripting (XSS) issue in the Edit Category function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Title` parameter. **Recommendations** For Badaso version 2.9.7, consider disabling the Edit Category function until a patch is available to prevent exploitation. Restrict access to the Title parameter in the Edit Category function to minimize the risk of arbitrary script execution.