Maikroservice

#20743 of 53,630
12.2 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-24974
6.1
2022-11-11
Unknown · Sourcecodester Simple Cashiering System · CVE-2022-3949
**Name of the Vulnerable Software and Affected Versions** Sourcecodester Simple Cashiering System (affected versions not specified)

**Description** A problematic issue has been found in the User Account Handler component, where the manipulation of the `fullname` argument leads to cross-site scripting. The attack can be initiated remotely.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-26855
6.1
2022-11-11
Wondercms · Wondercms · CVE-2022-43332
**Name of the Vulnerable Software and Affected Versions** Wondercms version 3.3.4

**Description** A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Site title` field of the `Configuration Panel`.

**Recommendations** For Wondercms version 3.3.4, consider removing or restricting the ability to inject HTML into the `Site title` field until a patch is available. As a temporary workaround, restrict access to the Configuration Panel to minimize the risk of exploitation.