Kaoniniang

**Name of the Vulnerable Software and Affected Versions** opencms version 2.3 **Description** The issue allows for Arbitrary file read in the src/main/webapp/view/admin/document/dataPage.jsp file. **Recommendations** For opencms version 2.3, as a temporary workaround, consider restricting access to the dataPage.jsp file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.6 **Description** A template injection vulnerability was discovered in the template management department. **Recommendations** For OneBlog version 2.3.6, consider disabling the template management department until a patch is available. Restrict access to the template management features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Timo version 2.0.3 **Description** An arbitrary file upload vulnerability in the component /userPicture allows attackers to execute arbitrary code via uploading a crafted file. **Recommendations** For Timo version 2.0.3, consider disabling the /userPicture component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. Avoid using the /userPicture component for file uploads until the issue is resolved.