Phpipam · Phpipam · CVE-2022-1226
**Name of the Vulnerable Software and Affected Versions**
phpipam/phpipam versions prior to 1.4.7
**Description**
A Cross-Site Scripting (XSS) vulnerability allows attackers to execute arbitrary JavaScript code in a victim's browser. This issue affects the "Import data set" feature, which accepts a spreadsheet file upload. The affected endpoints include "import-vlan-preview.php", "import-subnets-preview.php", "import-vrf-preview.php", "import-ipaddr-preview.php", "import-devtype-preview.php", "import-devices-preview.php", and "import-l2dom-preview.php". The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser when the preview page renders the cell contents. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.
**Recommendations**
For versions prior to 1.4.7, update to version 1.4.7 or later to resolve the issue.
As a temporary workaround, consider restricting access to the import Data set feature and the affected endpoints until a patch is applied.
Avoid uploading spreadsheet files from untrusted sources to minimize the risk of exploitation.
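The following Python example is added here to illustrate the defect class described above and the workaround of screening untrusted import files; it is not phpIPAM's code (phpIPAM is written in PHP) and uses a CSV string as a stand-in for the spreadsheet upload. It shows a pre-import check that flags cells containing markup, and an unescaped preview renderer beside its escaped counterpart.

```python
import csv
import html
import io
import re

# Constructed sample import file. CSV is used as a stand-in for the spreadsheet
# upload (an assumption); rows 2 and 3 carry markup in the description column.
SAMPLE_IMPORT = (
    "name,number,description\r\n"
    "office,100,Office VLAN\r\n"
    "guest,200,<script>alert(1)</script>\r\n"
    "lab,300,<b onmouseover=alert(1)>hover</b>\r\n"
)

# Cheap screen for tag openers, event-handler attributes and javascript: URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

def parse_import(text: str) -> list[dict[str, str]]:
    """Parse the uploaded data set into one dict per row (column -> cell text)."""
    return list(csv.DictReader(io.StringIO(text)))

def find_markup_cells(rows: list[dict[str, str]]) -> list[tuple[int, str, str]]:
    """Pre-import screening: list (row number, column, value) for every cell that
    looks like HTML or script, so the file can be rejected before it is previewed."""
    hits = []
    for n, row in enumerate(rows, start=1):
        for col, val in row.items():
            if val and MARKUP_RE.search(val):
                hits.append((n, col, val))
    return hits

def _table(rows: list[dict[str, str]], cell) -> str:
    body = "".join("<tr>" + "".join(cell(v) for v in r.values()) + "</tr>" for r in rows)
    return "<table>" + body + "</table>"

def render_preview_unescaped(rows: list[dict[str, str]]) -> str:
    """The defect class behind the advisory: cell text copied straight into the
    preview HTML, so a crafted cell becomes live markup in the admin's browser."""
    return _table(rows, lambda v: "<td>" + v + "</td>")

def render_preview_escaped(rows: list[dict[str, str]]) -> str:
    """Hardened preview: every cell goes through html.escape with quote=True, so
    tags and attribute breakouts are shown as literal text instead of executed."""
    return _table(rows, lambda v: "<td>" + html.escape(v, quote=True) + "</td>")

if __name__ == "__main__":
    rows = parse_import(SAMPLE_IMPORT)
    for n, col, val in find_markup_cells(rows):
        print(f"row {n} column {col!r} contains markup: {val}")
    print(render_preview_escaped(rows))
```

The screening regex is a coarse filter meant to reject obviously hostile files before import; output escaping in the preview page remains the actual fix.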