Leandro Vallim

**Name of the Vulnerable Software and Affected Versions** Tassos Framework versions prior to 6.1.0 **Description** A flaw in the Tassos Framework Plugin enables users to perform arbitrary file deletion on affected sites. Arbitrary file deletion is a condition where an attacker can delete any file on the server to which the application has access. **Recommendations** Update to version 6.1.0 or later.

Name of the Vulnerable Software and Affected Versions Phoca Maps versions 5.0.0 through 6.0.2 Description The Phoca Maps component contains stored cross-site scripting (XSS) vulnerabilities in the maps and icon rendering logic. These flaws could allow an attacker to inject malicious scripts into web pages viewed by other users. Recommendations Update Phoca Maps to a version later than 6.0.2.