Artica · Pandora FMS · CVE-2020-11749
**Name of the Vulnerable Software and Affected Versions**
Pandora FMS versions 7.0 NG through 746
**Description**
Multiple cross-site scripting (XSS) vulnerabilities exist in different browser views of Pandora FMS. They can be triggered when a network administrator scans an SNMP device, and the resulting XSS allows arbitrary code execution, potentially enabling remote code execution as root or apache2.
**Recommendations**
For Pandora FMS versions 7.0 NG through 746, consider disabling the SNMP scanning feature until a patch is available, so that the XSS vulnerability cannot be exploited through it. Restrict access to the browser views where the XSS vulnerability is present to minimize the risk of exploitation.