Larchik

**Name of the Vulnerable Software and Affected Versions** Zenario versions prior to 9.5.60602 **Description** The Tree Explorer tool from Organizer in Zenario is affected by a cross-site scripting (XSS) issue. This component was removed in version 9.5.60602. **Recommendations** For versions prior to 9.5.60602, update to version 9.5.60602 or later, as the vulnerable component has been removed in this version.

**Name of the Vulnerable Software and Affected Versions** Zenario versions prior to 9.5.60437 **Description** The issue is related to the insecure use of Twig filters in the Twig Snippet plugin and in the site-wide HEAD and BODY elements, allowing code execution by a designer or an administrator. **Recommendations** For versions prior to 9.5.60437, update to version 9.5.60437 or later to resolve the issue. As a temporary workaround, consider restricting access to the Twig Snippet plugin and the site-wide HEAD and BODY elements to minimize the risk of exploitation.