Inkqaq

**Name of the Vulnerable Software and Affected Versions** The-Secretary version 2.5 **Description** A Remote Code Execution (RCE) issue exists via the install.php file. **Recommendations** For The-Secretary version 2.5, consider removing or restricting access to the install.php file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** A Cross Site Scripting (XSS) issue exists due to the `link Name` parameter. This allows for potential malicious script execution. **Recommendations** For Maccms version 10, avoid using the `link Name` parameter until a fix is available. As a temporary workaround, consider restricting access to the affected parameter to minimize the risk of exploitation.