Fgeek

Name of the Vulnerable Software and Affected Versions: MipCMS version 5.0.1 Description: A server side request forgery (SSRF) vulnerability in the "/ApiAdminDomainSettings.php" API endpoint allows attackers to access sensitive information. Recommendations: For MipCMS version 5.0.1, as a temporary workaround, consider restricting access to the "/ApiAdminDomainSettings.php" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jasper version 2.0.13 **Description** The issue is related to an infinite loop in the `jpc dec tileinit` function, which can lead to a remote denial of service attack. **Recommendations** For Jasper version 2.0.13, consider applying a patch to fix the infinite loop in the `jpc dec tileinit` function to prevent remote denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeniXCMS version 1.0.2 **Description** The issue is triggered by a comment that is mishandled during a publish operation by an administrator. This can be demonstrated by a malformed P element, leading to a cross-site scripting (XSS) issue. **Recommendations** For GeniXCMS version 1.0.2, consider disabling the comment publishing feature for administrators until a patch is available to prevent potential exploitation. Restrict access to the publish operation to minimize the risk of XSS attacks.