Chasingboy

**Name of the Vulnerable Software and Affected Versions** rageframe2 version 2.6.37 **Description** An issue was discovered in the user agent related parameters of the info.php page, specifically a XSS vulnerability. **Recommendations** For rageframe2 version 2.6.37, consider restricting access to the info.php page until a patch is available. As a temporary workaround, avoid using user agent related parameters in the info.php page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** taocms version 3.0.2 **Description** An issue was discovered in the website settings that allows arbitrary php code to be injected by modifying `config.php`. **Recommendations** For taocms version 3.0.2, consider restricting access to the `config.php` file until a patch is available. As a temporary workaround, avoid using the website settings feature that allows modification of `config.php` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.