Mozako

Name of the Vulnerable Software and Affected Versions: AutoIndex PHP Script version 1.5.2 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `search` parameter in the "index.php" file. Recommendations: For AutoIndex PHP Script version 1.5.2, consider validating and sanitizing user input for the `search` parameter to prevent XSS attacks. As a temporary workaround, restrict access to the "index.php" file until a patch is available.

Name of the Vulnerable Software and Affected Versions: Community Link Pro Web Editor (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary commands via the `file` parameter in the "login.cgi" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.