
Phantom4Me

Rank: #17677 of 53,622
Total CVSS: 15.2
Vulnerabilities · 2 (Medium: 1, Critical: 1)

PT-2024-14301 · CVSS 5.4 · 2024-01-16
Ofcms · Ofcms · CVE-2023-51807

**Name of the Vulnerable Software and Affected Versions**
OFCMS version 1.14

**Description**
A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via a crafted payload to the `title` addition component. This enables the attacker to execute malicious scripts, potentially leading to unauthorized access or data breaches.

**Recommendations**
For OFCMS version 1.14, consider disabling the title addition component until a patch is available to prevent exploitation. Restrict access to sensitive information and monitor for suspicious activity. At the moment, there is no information about a newer version that contains a fix for this issue.

PT-2024-14083 · CVSS 9.8 · 2024-01-11
Ujcms · Ujcms · CVE-2023-51350

**Name of the Vulnerable Software and Affected Versions**
ujcms version 8.0.2

**Description**
A spoofing attack allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the `X-Forwarded-For` function in the header.

**Recommendations**
For ujcms version 8.0.2, consider restricting access to the `X-Forwarded-For` function in the header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.