Onurcan Genç

**Name of the Vulnerable Software and Affected Versions** Mautic (affected versions not specified) **Description** A Server-Side Template Injection (SSTI) issue exists in the theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can exploit this to achieve Remote Code Execution (RCE), allowing the execution of arbitrary code on the hosting server, or to access restricted system files and configuration settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rolantis Information Technologies Agentis versions prior to 4.44 **Description** A session fixation issue exists in Rolantis Information Technologies Agentis. This allows an attacker to set or manipulate a user's session identifier before authentication, potentially leading to session hijacking. **Recommendations** Update Rolantis Information Technologies Agentis to version 4.44 or later.

Name of the Vulnerable Software and Affected Versions: Decap CMS versions through 3.8.3 Description: A Cross Site Scripting (XSS) vulnerability exists in Decap CMS. Input fields, including `body`, `tags`, `title`, and `description`, are not properly sanitized before being rendered in the content preview pane. This allows an attacker to inject arbitrary JavaScript that executes when a user views the preview panel. The vulnerability affects multiple input vectors and does not require user interaction beyond viewing the affected content. Recommendations: Update Decap CMS to a version later than 3.8.3.