Onemanteam123321

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 and earlier **Description** A cross-site scripting (XSS) issue exists in the `contact us` plugin via the `List of subjects`. This can be exploited by someone with administrative privileges when they log in to the admin panel. **Recommendations** For Subrion CMS version 4.2.1 and earlier, consider disabling the `contact us` plugin until a patch is available. Restrict access to the admin panel to minimize the risk of exploitation. Avoid using the `List of subjects` feature in the `contact us` plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** A SQL injection issue exists in the visual-mode of the software. **Recommendations** For Subrion CMS version 4.2.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ocProducts Composr CMS versions prior to 10.0.38 **Description** The issue allows an attacker to inject JavaScript via Comcode, resulting in a cross-site scripting (XSS) attack. This can potentially lead to unauthorized access or control of user sessions. **Recommendations** For versions prior to 10.0.38, update to version 10.0.38 or later to resolve the issue. As a temporary workaround, consider restricting the use of Comcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ocProducts Composr CMS versions prior to 10.0.38 **Description** The issue allows an attacker to inject JavaScript via the staff messaging messaging system, resulting in a cross-site scripting (XSS) attack. This can potentially lead to unauthorized access or control of user sessions. **Recommendations** For versions prior to 10.0.38, update to version 10.0.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the staff messaging messaging system until the update is applied.