
Evan Yu

#16866 of 53,622
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2021-17403
6.1
2021-09-16
Opensips · Opensis Community Edition · CVE-2021-27340
**Name of the Vulnerable Software and Affected Versions**
OpenSIS Community Edition versions prior to 7.7

**Description**
The issue is related to a reflected XSS vulnerability in the EmailCheck.php file, specifically via the `opt` parameter. This allows for potential exploitation.

**Recommendations**
For OpenSIS Community Edition versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the EmailCheck.php file until a patch is available. Avoid using the `opt` parameter in the affected EmailCheck.php file until the issue is resolved.
PT-2021-17404
9.8
2021-09-16
Opensips · Opensis Community Edition · CVE-2021-27341
**Name of the Vulnerable Software and Affected Versions**
OpenSIS Community Edition versions prior to 7.7

**Description**
The issue is related to a local file inclusion vulnerability in the DownloadWindow.php file, specifically via the `filename` parameter. This vulnerability can potentially be exploited to access unauthorized files on the system.

**Recommendations**
For OpenSIS Community Edition versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the DownloadWindow.php file or disabling the `filename` parameter until a patch is available.