Anusya Angamuthu

**Name of the Vulnerable Software and Affected Versions** MODX Revolution version 2.6.5-pl **Description** The issue allows for stored XSS via a Create New Media Source action. **Recommendations** For MODX Revolution version 2.6.5-pl, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS versions prior to 2.5.2 **Description** An issue allows an attacker to create a new session on a web application, record the associated session identifier, and then cause the victim to authenticate against the server using the same session identifier. This enables the attacker to access the user's account through the active session. The attack fixes a session on the victim's browser before the user logs in. **Recommendations** For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ClipperCMS version 1.3.3 **Description** The issue allows session fixation. **Recommendations** For ClipperCMS version 1.3.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ClipperCMS version 1.3.3 **Description** The issue concerns an XSS vulnerability in the "Module name" field, specifically when performing a "Modules -> Manage modules -> edit" action, which is accessible via the manager/ URI. **Recommendations** For ClipperCMS version 1.3.3, avoid using the "Module name" field in the "Modules -> Manage modules -> edit" action until a fix is available. As a temporary workaround, consider restricting access to the manager/ URI to minimize the risk of exploitation.