Sscms · Sscms · CVE-2026-7429
**Name of the Vulnerable Software and Affected Versions**
SSCMS version 7.4.0
**Description**
A reflected cross-site scripting issue exists in the STL processing endpoint. Attackers can execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Specifically, improper output encoding in the "/api/stl/actions/dynamic" endpoint allows the injection of executable JavaScript into JSON responses, which can lead to session hijacking, phishing attacks, and unauthorized actions performed on behalf of users.
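The encoding failure described above, as an added illustration that is not SSCMS source code: a handler that reflects a value into an HTML fragment inside a JSON body, next to a hardened form that encodes at both the HTML and JSON layers. The function names, the `html` field and the sample input are assumptions constructed for this example.

```javascript
// Added illustration, not SSCMS source. Function names, the `html` field and
// SAMPLE are assumptions constructed for this example.

// Constructed sample of attacker-influenced template output.
const SAMPLE = '<script>marker</script>';

// HTML-encode a value before it is placed in element content or a quoted attribute.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Serialize JSON so the body stays inert if it is ever parsed as HTML or
// embedded in an inline script: <, >, & and U+2028/U+2029 become \uXXXX escapes.
function safeJson(obj) {
  return JSON.stringify(obj).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Vulnerable shape: the reflected value is concatenated into markup unencoded,
// so a client that inserts `html` into the page will run it.
function renderUnsafe(value) {
  return JSON.stringify({ html: '<div class="stl">' + value + '</div>' });
}

// Hardened shape: encode the value for the HTML context first, then emit
// JSON that contains no raw angle brackets or ampersands.
function renderSafe(value) {
  return safeJson({ html: '<div class="stl">' + encodeHtml(value) + '</div>' });
}

// Headers that stop a browser from treating the JSON body as HTML.
const RESPONSE_HEADERS = {
  'Content-Type': 'application/json; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
};
```

The hardened body still parses to the same structure with `JSON.parse`; only the reflected value is neutralised.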
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.