Mrreee

**Name of the Vulnerable Software and Affected Versions** Secudeal Payments for Ecommerce versions n/a through 1.1 **Description** The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts Secudeal Payments for Ecommerce. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Terms descriptions versions through 3.4.9 **Description** The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting (XSS) condition. This allows for potential malicious code execution within the context of the web page. **Recommendations** Update Terms descriptions to a version greater than 3.4.9.

**Name of the Vulnerable Software and Affected Versions** Neoforum versions prior to 1.0. **Description** The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Reflected Cross-site Scripting (XSS) condition. This allows attackers to inject malicious scripts into web pages viewed by other users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Neoforum versions prior to 1.0 **Description** The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This allows for potential unauthorized access or manipulation of data. **Recommendations** Update to a version greater than 1.0.

**Name of the Vulnerable Software and Affected Versions** Suggestion Toolkit versions prior to 5.1 **Description** A missing authorization flaw exists in Sergiy Dzysyak Suggestion Toolkit. This issue allows exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version prior to 5.1.

**Name of the Vulnerable Software and Affected Versions** Merge + Minify + Refresh versions through 2.14 **Description** A Cross-Site Request Forgery (CSRF) issue exists in launchinteractive Merge + Minify + Refresh. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. CSRF occurs when a malicious website, email, or other communication form induces a user's browser to send an unwanted request to a web application that the user is currently authenticated to. **Recommendations** Update Merge + Minify + Refresh to a version later than 2.14.

**Name of the Vulnerable Software and Affected Versions** FireStorm Plugins FireStorm Professional Real Estate versions through 2.7.11 **Description** The software contains a flaw due to improper neutralization of special elements used in an SQL command, leading to a SQL Injection issue. This allows for Blind SQL Injection. The affected component is the fs-real-estate-plugin. **Recommendations** Update FireStorm Professional Real Estate to a version later than 2.7.11.