Hemantsolo

**Name of the Vulnerable Software and Affected Versions** FlatPress version 1.0.3 **Description** The issue allows an attacker to inject a cross-site scripting (XSS) payload in blog content via the admin panel. When a user visits the affected blog page, the XSS payload is triggered, potentially allowing the attacker to steal cookies based on the crafted payload. **Recommendations** For FlatPress version 1.0.3, as a temporary workaround, consider restricting access to the admin panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EGavilanMedia User Registration and Login System With Admin Panel version 1.0 **Description** The issue affects the User Login Page, where SQL injection is possible. **Recommendations** For EGavilanMedia User Registration and Login System With Admin Panel version 1.0, consider implementing proper input validation and sanitization to prevent SQL injection attacks. As a temporary workaround, restrict access to the User Login Page until a fix is available.

**Name of the Vulnerable Software and Affected Versions** EGavilanMedia User Registration and Login System With Admin Panel version 1.0 **Description** The issue affects the Admin Panel, specifically the Manage User tab, where an attacker can inject a cross-site scripting (XSS) payload using the Full Name of the user. This allows the attacker to steal cookies when the admin visits the manage user section, based on the crafted payload. **Recommendations** For EGavilanMedia User Registration and Login System With Admin Panel version 1.0, consider restricting the input for the `Full Name` field in the User Registration section to prevent XSS payload injection, and avoid using the Manage User tab until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EGavilanMedia User Registration and Login System With Admin Panel version 1.0 **Description** The issue is related to cross-site scripting (XSS) in the Admin Profile Page. This allows an attacker to inject an XSS payload in the Admin Full Name field. Each time the admin visits the Profile page from the admin panel, the XSS triggers. **Recommendations** For EGavilanMedia User Registration and Login System With Admin Panel version 1.0, consider validating and sanitizing user input in the Admin Full Name field to prevent XSS injection. As a temporary workaround, restrict access to the Admin Profile Page until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.1.3 **Description** The issue allows an attacker to inject a cross-site scripting (XSS) payload in the Page description component. When a user visits the website, the XSS payload is triggered, potentially allowing the attacker to steal cookies based on the crafted payload. **Recommendations** For WonderCMS version 3.1.3, update to a version that fixes this issue to prevent XSS payload injection in the Page description component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 3.1.3 **Description** The issue affects the Menu component, allowing an attacker to inject a cross-site scripting (XSS) payload in the Setting - Menu. This payload triggers every time a user visits the website directory, potentially enabling the attacker to steal cookies based on the crafted payload. **Recommendations** For WonderCMS version 3.1.3, consider disabling the Menu component in the Setting - Menu as a temporary workaround until a patch is available. Restrict access to the Menu settings to minimize the risk of exploitation. Avoid using the vulnerable Menu component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Invision Community version 4.5.4 **Description** The issue allows an attacker to inject a cross-site scripting (XSS) payload in the `Field Name` field. When any user opens this field, the XSS payload is triggered, potentially allowing the attacker to steal cookies based on the crafted payload. **Recommendations** For Invision Community version 4.5.4, update to a version that includes a fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to the `Field Name` field until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenCart version 3.0.3.6 **Description** The issue concerns cross-site scripting (XSS) in the Profile Image feature. An admin can upload a malicious code using JavaScript as a profile image. When the profile picture is viewed, the code executes, triggering the XSS. **Recommendations** For OpenCart version 3.0.3.6, as a temporary workaround, consider disabling the profile image upload feature until a patch is available. Restrict access to the profile picture display to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nopCommerce Store version 4.30 **Description** The issue is related to cross-site scripting (XSS) in the Schedule tasks name field. This allows an attacker to inject an XSS payload, which triggers every time a user visits the affected page, potentially enabling the attacker to steal cookies based on the crafted payload. **Recommendations** For nopCommerce Store version 4.30, consider disabling the Schedule tasks name field until a patch is available to prevent the injection of XSS payloads. Restrict access to the Schedule tasks page to minimize the risk of exploitation. Avoid using the Schedule tasks feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenCart version 3.0.3.6 **Description** The issue is related to cross-site scripting (XSS) in the Subject field of mail, which allows an attacker to inject an XSS payload. When a user opens the affected mail on the website, the XSS triggers, enabling the attacker to steal cookies based on the crafted payload. **Recommendations** For OpenCart version 3.0.3.6, consider restricting access to the mail functionality until a fix is available, and avoid using the Subject field of mail to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Savsoft Quiz versions 5.5 and earlier **Description** The issue allows an attacker to inject a malicious payload in the User Registration section. When the admin visits the manage user section from the admin panel, the payload triggers, enabling the attacker to steal cookies via a crafted payload. This is a result of a Stored Cross-Site Scripting (XSS) issue. **Recommendations** For Savsoft Quiz versions 5.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.