
Autismj

Rank: #15386 of 53,611
Total CVSS: 17.6
Vulnerabilities: 2 (High: 2)
PT-2018-13896
8.8
2018-09-16
Quickapps · Quickappscms · CVE-2018-17102
**Name of the Vulnerable Software and Affected Versions**
QuickAppsCMS versions through 2.0.0-beta2

**Description**
A CSRF vulnerability allows an attacker to change the administrator password via the "user/me" URI.

**Recommendations**
For versions through 2.0.0-beta2, update to a version that contains a fix for this issue to prevent CSRF attacks.
PT-2018-13897
8.8
2018-09-16
Getsimple · Getsimple Cms · CVE-2018-17103
**Name of the Vulnerable Software and Affected Versions**
GetSimple CMS version 3.3.13

**Description**
A CSRF vulnerability allows an attacker to change the administrator's password via the "admin/settings.php" endpoint. The vendor reported that the proof of concept was sending a value for the `nonce` parameter.

**Recommendations**
For GetSimple CMS version 3.3.13, as a temporary workaround, consider disabling access to the "admin/settings.php" endpoint until a patch is available. Restrict the ability to change the administrator's password to minimize the risk of exploitation. Avoid relying on the `nonce` parameter for security validation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.