Berk İmran

**Name of the Vulnerable Software and Affected Versions** Specto CM versions prior to 17032025 **Description** Specto CM contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied input. **Recommendations** Update Specto CM to a version newer than or equal to 17032025.

**Name of the Vulnerable Software and Affected Versions** Specto CM versions prior to 17032025 **Description** Specto CM is susceptible to a flaw involving unrestricted file uploads, potentially leading to Remote Code Inclusion. The issue stems from the ability to upload files without proper restrictions on their type. This could allow an attacker to upload a malicious file and execute arbitrary code on the system. **Recommendations** Update Specto CM to a version released on or after 17032025.

**Name of the Vulnerable Software and Affected Versions** ww.Winsure versions prior to 4.6.2 **Description** The issue is related to an Improper Restriction of XML External Entity Reference vulnerability, which allows for XML Injection. This vulnerability exists in the SFS Consulting ww.Winsure software. **Recommendations** For versions prior to 4.6.2, update to version 4.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of XML external entities to minimize the risk of exploitation.