
Nhienit2010

#18218 of 53,635
Total CVSS: 14.9
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2023-22411 · CVSS 8.8 · 2023-11-27
Unknown · Sentrifugo · CVE-2023-29770

**Name of the Vulnerable Software and Affected Versions**
Sentrifugo version 3.5

**Description**
The issue allows an authenticated attacker to upload any file without extension filtering through the AssetsController::uploadsaveAction function.

**Recommendations**
For Sentrifugo version 3.5, consider restricting access to the AssetsController::uploadsaveAction function until a patch is available, and implement proper file extension filtering to minimize the risk of exploitation.

PT-2022-19093 · CVSS 6.1 · 2022-04-25
Hoosk · Hoosk · CVE-2022-28586

**Name of the Vulnerable Software and Affected Versions**
Hoosk version 1.8.0

**Description**
The issue allows an attacker to execute JavaScript code in a user's browser via the edit page with an XSS payload, bypassing filters for some special characters.

**Recommendations**
For Hoosk version 1.8.0, update to a version that includes a fix for this issue, as using the edit page with an XSS payload can lead to the execution of malicious JavaScript code in the user's browser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.