G0H3Aler

**Name of the Vulnerable Software and Affected Versions** neofarg-cms version 0.2.3 **Description** The issue allows a remote attacker to run arbitrary code via the `copyright` field in copyright settings. This is a Cross Site Scripting (XSS) vulnerability. **Recommendations** For neofarg-cms version 0.2.3, consider disabling the copyright field in copyright settings until a patch is available. Restrict access to the copyright settings to minimize the risk of exploitation. Avoid using the `copyright` field in the affected settings until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** htmly version 2.8.0 **Description** The issue allows stored XSS via the blog title, Tagline, or Description to config.html.php. This can be exploited to inject malicious scripts into the application. **Recommendations** For htmly version 2.8.0, as a temporary workaround, consider validating and sanitizing user input for the blog title, Tagline, and Description fields to prevent XSS attacks. Restrict access to the config.html.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.