
Markus Schneider

Researcher from usd AG
#20717 of 53,635
12.2 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2022-11666
6.1
2022-12-21
Unknown · Panicsteve W2Wiki · CVE-2021-4271
**Name of the Vulnerable Software and Affected Versions**
panicsteve w2wiki (affected versions not specified)

**Description**
A problematic issue has been found in the function `toHTML` of the file `index.php` of the component Markdown Handler, leading to cross-site scripting. The attack can be launched remotely.

**Recommendations**
Apply a patch to fix this issue, specifically the patch with the name `8f1d0470b4ddb1c7699e3308e765c11ed29542b6`. As a temporary workaround, consider disabling the `toHTML` function until a patch is available.
PT-2020-19169
6.1
2020-04-30
Zen Cart · Mailbeez · CVE-2020-6579
**Name of the Vulnerable Software and Affected Versions**
MailBeez plugin for ZenCart versions prior to 3.9.22

**Description**
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `cloudloader_mode` parameter in the mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php files.

**Recommendations**
For MailBeez plugin for ZenCart versions prior to 3.9.22, update to version 3.9.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cloudloader_mode` parameter in the affected API endpoints until a patch is available.