H4X0Rl33Tx

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.5.1 **Description** WeGIA is a web management application designed for institutions, particularly those using the Portuguese language. A Reflected Cross-Site Scripting (XSS) issue exists in the `log` parameter of the 'configuracao geral.php' file. This allows an attacker to inject and execute arbitrary JavaScript code within a victim's browser. The API endpoint involved is 'configuracao geral.php', and the vulnerable parameter is `log`. **Recommendations** Update to version 3.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.66.3 Frappe versions prior to 15.16.0 **Description** Frappe is a full-stack web application framework. The issue allows file permission to be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. **Recommendations** For versions prior to 14.66.3, update to version 14.66.3 or later to resolve the issue. For versions prior to 15.16.0, update to version 15.16.0 or later to resolve the issue.