Kpa1Onop

**Name of the Vulnerable Software and Affected Versions** SurveyKing version 0.2.0 **Description** The issue allows attackers to login to the system and access data using the browser cache when the user exits the application, due to the retention of users' session cookies after logout. **Recommendations** For SurveyKing version 0.2.0, consider clearing the browser cache after logout as a temporary workaround to minimize the risk of exploitation. Restrict access to sensitive data until a proper fix is implemented to prevent session cookie retention. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** A reflected cross-site scripting (XSS) issue was found in the /admin.php/admin/ulog/index.html endpoint via the `wd` parameter. This allows for potential malicious script execution. **Recommendations** For Maccms version 10, avoid using the `wd` parameter in the /admin.php/admin/ulog/index.html endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** A reflected cross-site scripting (XSS) issue was found in the /admin.php/admin/vod/data.html endpoint via the `repeat` parameter. **Recommendations** For Maccms version 10, avoid using the `repeat` parameter in the /admin.php/admin/vod/data.html endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation.