Mohamed Magdy Abumuslim

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.2.2 **Description** A cross-site scripting (XSS) issue was found in the Column Management component. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites. **Recommendations** For SSCMS version 7.2.2, consider disabling the Column Management component until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.2.2 **Description** A stored cross-site scripting (XSS) issue was found in the Material Management component. This allows for malicious scripts to be stored and executed on the system. **Recommendations** For SSCMS version 7.2.2, update to a version that addresses the stored XSS vulnerability in the Material Management component. As a temporary workaround, consider restricting access to the Material Management component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.2.2 **Description** A cross-site scripting (XSS) issue was found in the Content Management component. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites. **Recommendations** For SSCMS version 7.2.2, update to a version that fixes the XSS vulnerability in the Content Management component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LavaLite CMS version 9.0.0 **Description** The issue concerns Sensitive Data Exposure. **Recommendations** For LavaLite CMS version 9.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or version is mentioned, so the information cannot be provided. **Description** The issue concerns reflected XSS (Cross-Site Scripting) attacks on various configuration pages of a device. An authorized attacker with user privileges may exploit this to gain access to confidential information on a PC that connects to the device after it has been compromised. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: All-in-One Video Gallery WordPress plugin versions prior to 2.5.0 Description: The issue arises from the lack of sanitization and validation of the `tab` parameter, which is used in a require statement within the admin dashboard. This leads to a Local File Inclusion issue. Recommendations: For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.