Echox1

Name of the Vulnerable Software and Affected Versions: MetInfo version 7.0.0 Description: The issue is a Cross-Site Request Forgery (CSRF) that affects MetInfo. This occurs via the "admin/?n=admin&c=index&a=doSaveInfo" endpoint, allowing for potential unauthorized actions. Recommendations: For MetInfo version 7.0.0, consider disabling access to the "admin/?n=admin&c=index&a=doSaveInfo" endpoint until a patch is available. Restricting access to this endpoint can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** springboot authority versions prior to 2017-03-06 **Description** An issue was discovered that allows stored XSS via the `admin/role/edit` endpoint, specifically through the `roleKey`, `name`, or `description` parameters. **Recommendations** For versions prior to 2017-03-06, consider restricting access to the `admin/role/edit` endpoint until a fix is available, and avoid using the `roleKey`, `name`, or `description` parameters in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WeaselCMS version 0.3.6 **Description** The issue concerns a PHP code upload vulnerability. It can be exploited by embedding code at the end of a .png file when the image/png content type is used, specifically affecting the index.php file. **Recommendations** For WeaselCMS version 0.3.6, consider restricting the upload of files with the image/png content type to prevent potential code execution until a fix is available.