Godepic

**Name of the Vulnerable Software and Affected Versions** Cryptoprof WCMS version 0.3.2 **Description** A Directory Traversal issue allows a remote attacker to execute arbitrary code via the `wex/cssjs.php` parameter. **Recommendations** For Cryptoprof WCMS version 0.3.2, consider restricting access to the `wex/cssjs.php` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Chaoji CMS version 2.18 **Description** A stored cross site scripting (XSS) issue allows attackers to execute arbitrary code via the "/index.php?admin-master-webset" API endpoint. This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions. **Recommendations** For Chaoji CMS version 2.18, as a temporary workaround, consider restricting access to the "/index.php?admin-master-webset" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jymusic version 2.0.0 **Description** A cross-site request forgery (CSRF) issue allows attackers to execute arbitrary code via the "/admin.php?s=/addons/config.html&id=6" API endpoint to modify payment information. This can be achieved by exploiting the `id` variable. **Recommendations** For Jymusic version 2.0.0, as a temporary workaround, consider restricting access to the "/admin.php?s=/addons/config.html&id=6" API endpoint to minimize the risk of exploitation. Avoid using the `id` variable in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** espcms version P8.18101601 **Description** The issue allows arbitrary code to be executed via the `title` parameter, enabling cross-site scripting (XSS). This means an attacker could inject malicious code into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For espcms version P8.18101601, consider restricting access to the `title` parameter to minimize the risk of exploitation. Avoid using the `title` parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cmseasy version 7.0.0 **Description** An issue was discovered that allows user credentials to be sent in clear text due to no encryption of form data. **Recommendations** For cmseasy version 7.0.0, consider implementing encryption for form data to prevent user credentials from being sent in clear text. As a temporary workaround, restrict access to sensitive areas of the application until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CatfishCMS version 4.8.63 **Description** A Cross Site Request Forgery (CSRF) issue was found that could allow attackers to gain administrator permissions. The issue is related to the "/index.php/admin/index/modifymanage.html" API endpoint. **Recommendations** For CatfishCMS version 4.8.63, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** Chaoji CMS version 2.18 **Description** A stored cross site scripting (XSS) issue in the `/index.php?admin-master-article-edit` endpoint of Chaoji CMS allows attackers to obtain administrator privileges. **Recommendations** For Chaoji CMS version 2.18, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `/index.php?admin-master-article-edit` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Chaoji CMS version 2.18 **Description** The issue is a stored cross-site scripting (XSS) vulnerability. It affects the `/index.php?admin-master-navmenu-add` endpoint of Chaoji CMS, allowing attackers to execute arbitrary code. **Recommendations** For Chaoji CMS version 2.18, consider disabling access to the `/index.php?admin-master-navmenu-add` endpoint until a patch is available. Restrict the use of the `admin-master-navmenu-add` functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cscms version 4.1.0 **Description** An issue in Cscms allows for a CSRF vulnerability through the `admin.php/pay` endpoint, potentially enabling an attacker to change the payment account and redirect funds. **Recommendations** For Cscms version 4.1.0, as a temporary workaround, consider disabling access to the `admin.php/pay` endpoint until a patch is available. Restrict the use of the payment account modification feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YzmCMS version 5.2.0 **Description** An issue was discovered that allows XSS via the bottom text field to the "admin/system manage/save.html" URI, related to the `site code` parameter. **Recommendations** For YzmCMS version 5.2.0, as a temporary workaround, consider restricting access to the "admin/system manage/save.html" URI until a patch is available. Avoid using the `site code` parameter in this URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.