
Cmoncrook

#20337 of 53,632
12.6 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-28392
6.1
2026-03-26
Staffwiki · Staffwiki · CVE-2026-29969
**Name of the Vulnerable Software and Affected Versions**
staffwiki version 7.0.1.19219

**Description**
A cross-site scripting (XSS) issue exists in staffwiki. This allows attackers to execute arbitrary JavaScript in the context of a user's browser through a crafted HTTP request. The vulnerable API endpoint is `/wff cols pref.css.aspx`. Attackers can leverage this to inject malicious scripts.

**Recommendations**
staffwiki version 7.0.1.19219: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-28459
6.5
2025-07-08
Abis · Adjutant Core Accounting Erp · CVE-2025-29267
Name of the Vulnerable Software and Affected Versions:
Abis, Inc Adjutant Core Accounting ERP version v.PreBeta250F

Description:
The issue allows a remote attacker to obtain sensitive information via the `cid` parameter in the GET request. This is a SQL Injection vulnerability, which means an attacker can inject malicious SQL code to manipulate the database and extract sensitive data.

Recommendations:
For Abis, Inc Adjutant Core Accounting ERP version v.PreBeta250F, consider restricting access to the vulnerable `cid` parameter in the GET request until a patch is available. As a temporary workaround, avoid using the `cid` parameter in affected API endpoints to minimize the risk of exploitation.