Iami233

**Name of the Vulnerable Software and Affected Versions** Doufox version 0.0.4 **Description** The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting a remote code execution vulnerability through the edit file page. **Recommendations** For Doufox version 0.0.4, consider restricting access to the edit file page until a patch is available. As a temporary workaround, avoid using the edit file functionality with crafted PHP files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Subscription-Manager version 1.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It affects the `machineDetail` parameter in the `/main.js` file. **Recommendations** For Subscription-Manager version 1.0, avoid using the `machineDetail` parameter until the issue is resolved. As a temporary workaround, consider restricting access to the `/main.js` file to minimize the risk of exploitation.