
Kiki

#19880 of 53,633
13.1 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-28287 · CVSS 8.8 · 2023-09-14
Lenosp · Lenosp · CVE-2023-42180
**Name of the Vulnerable Software and Affected Versions**
lenosp versions 1.0 through 1.2.0

**Description**
The issue allows attackers to execute HTML code via a crafted JPG file. This is achieved through an arbitrary file upload vulnerability in the /user/upload component.

**Recommendations**
For versions 1.0 through 1.2.0, consider disabling the /user/upload component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary file uploads. Avoid using the component for uploading files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2006-1832 · CVSS 4.3 · 2006-02-19
Siteframe · Siteframe Beaumont · CVE-2006-0783
**Name of the Vulnerable Software and Affected Versions**
Siteframe Beaumont versions 5.0.1a through 5.0.2

**Description**
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `comment text` parameter to the user comment page at the "/edit/Comment" API endpoint.

**Recommendations**
For versions 5.0.1a through 5.0.2, as a temporary workaround, consider restricting access to the `comment text` parameter in the "/edit/Comment" API endpoint until a patch is available.