C0Rdxy

**Name of the Vulnerable Software and Affected Versions** baseweb JSite version 1.0 **Description** A problematic issue was found in the software, affecting some unknown functionality of the file /a/sys/area/save. The manipulation of the `Name` argument leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For baseweb JSite version 1.0, as a temporary workaround, consider restricting access to the `/a/sys/area/save` endpoint until a patch is available. Avoid using the `Name` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PublicCMS version 4.0.202406 **Description** The issue is related to an arbitrary file upload vulnerability in the /cms/CmsWebFileAdminController.java component. This allows attackers to execute arbitrary code by uploading a crafted svg or xml file. **Recommendations** For PublicCMS version 4.0.202406, consider restricting access to the /cms/CmsWebFileAdminController.java component until a patch is available. As a temporary workaround, avoid using the file upload functionality in this component to minimize the risk of exploitation.