Chitran

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-2020 version 1.01rc001 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this issue. The specific flaw exists within the "webproc" endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For D-Link DAP-2020 version 1.01rc001, as a temporary workaround, consider disabling the "webproc" endpoint until a patch is available. Restrict access to the "webproc" endpoint to minimize the risk of exploitation. Avoid using the vulnerable endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.10 Description: The issue concerns a Self-XSS vulnerability that can be triggered via the Layout Design Manager, specifically through the "Name" field. This field is accessible when creating a new template action in the Design Manager. Recommendations: For CMS Made Simple version 2.2.10, update to a newer version that contains a fix for this issue to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.10 Description: The issue concerns an XSS vulnerability that can be triggered via the 'moduleinterface.php' Name field. This field is accessible through an "Add Category" action in the "Site Admin Settings - News module" section. Recommendations: For CMS Made Simple version 2.2.10, update to a version that includes a fix for this issue to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.10 Description: The issue concerns a cross-site scripting (XSS) problem. It is located in the `myaccount.php` file, specifically in the "Email Address" field. This field is accessible through the "My Preferences -> My Account" section. Recommendations: For CMS Made Simple version 2.2.10, update to a version that fixes this issue to prevent cross-site scripting attacks.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.10 Description: The issue concerns an XSS vulnerability that can be triggered via the `moduleinterface.php` `Name` field. This field is accessible through an "Add a new Profile" action to the File Picker. Recommendations: For CMS Made Simple version 2.2.10, update to a version that includes a fix for this issue to prevent exploitation.