Giacolenzo2109

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.3 Description: A stored cross-site scripting (XSS) vulnerability exists in the Create Article function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `Link` parameter. Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, consider sanitizing the `Link` parameter input to prevent the injection of malicious scripts.

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.3 Description: A stored cross-site scripting (XSS) vulnerability exists in the Create Admin function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` parameter. Recommendations: As a mitigation, sanitize the `Name` parameter input to prevent the injection of malicious scripts.

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.4 Description: An arbitrary file upload vulnerability exists in MoonShine version 3.12.4. Attackers can execute arbitrary code by uploading a crafted SVG file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.5 Description: MoonShine version 3.12.5 contains a SQL injection issue within the Blog module, specifically through the `Data` parameter. Recommendations: As a temporary workaround, consider restricting access to the Blog module until a patch is available. Sanitize the `Data` parameter before processing it to prevent SQL injection attacks.