Hacker625

**Name of the Vulnerable Software and Affected Versions** EaseUS MobiMover version 6.0.5 Build 21620 **Description** The issue is related to insecure permissions in the application, allowing attackers to gain escalated privileges by using a crafted executable launched from the application installation directory. **Recommendations** For EaseUS MobiMover version 6.0.5 Build 21620, consider restricting access to the application installation directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Subrion version 4.2.1 **Description** The issue allows for XSS attacks through the `panel/members/` endpoint, specifically via the `Username`, `Full Name`, or `Email` fields. This is related to an "Admin Member JSON Update" issue. **Recommendations** For Subrion version 4.2.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `panel/members/` endpoint to minimize the risk of exploitation. Avoid using the `Username`, `Full Name`, or `Email` fields in this endpoint until the issue is resolved.