Mayuresh Dani

**Name of the Vulnerable Software and Affected Versions** ZwickRoell Test Data Management versions prior to 3.0.8 **Description** The software contains a local file inclusion issue in the `/server/node upgrade srv.js` endpoint. An attacker can provide directory traversal sequences through the `firmware` parameter to access arbitrary files on the server, potentially disclosing sensitive system files. **Recommendations** Update to version 3.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** ZeroCMS version 1.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `Full Name` field in the zero user account.php file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For ZeroCMS version 1.0, update the zero user account.php file to properly sanitize user input in the `Full Name` field to prevent XSS attacks.