Hirota Kazuki

**Name of the Vulnerable Software and Affected Versions** CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3) CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3) **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators via unspecified vectors. **Recommendations** For CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), update to a version later than 4.3.10. For CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), update to a version later than 4.3.10.

**Name of the Vulnerable Software and Affected Versions** Vtiger CRM versions 6.4.0 and earlier **Description** The issue concerns the `modules/Users/actions/Save.php` file in Vtiger CRM, which does not properly restrict user-save actions. This allows remote authenticated users to create or modify user accounts via unspecified vectors. **Recommendations** For versions 6.4.0 and earlier, consider restricting access to the `Save.php` file in the `modules/Users/actions` directory until a patch is available. As a temporary workaround, limit the ability of remote authenticated users to create or modify user accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kobe Beauty php-contact-form versions prior to 2016-05-18 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URI. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions prior to 2016-05-18, update to a version released after 2016-05-18 to resolve the issue.