
K1Ns0O

#18286 of 53,630
14.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-13859
8.8
2018-09-14
Maelo · Cms Maelostore · CVE-2018-17045
**Name of the Vulnerable Software and Affected Versions**
CMS MaeloStore version 1.5.0

**Description**
A CSRF issue allows changing the administrator password via the "admin/modul/users/aksi users.php?act=update" API endpoint.

**Recommendations**
For CMS MaeloStore version 1.5.0, as a temporary workaround, consider restricting access to the "admin/modul/users/aksi users.php?act=update" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

PT-2018-13111
6.1
2018-08-21
Victor · Victor Cms · CVE-2018-15603
**Name of the Vulnerable Software and Affected Versions**
Victor CMS versions prior to 2018-05-10

**Description**
An issue was discovered that allows for XSS via the `Author` field of the "Leave a Comment" screen.

**Recommendations**
For versions prior to 2018-05-10, update to a version released after 2018-05-10 to resolve the issue.