Phulelouch

**Name of the Vulnerable Software and Affected Versions** Silverpeas Core version 6.3 **Description** The issue is related to Cross Site Scripting (XSS) via the ClipboardSessionController. This means an attacker could potentially inject malicious scripts into the website, affecting users' sessions. **Recommendations** For Silverpeas Core version 6.3, as a temporary workaround, consider disabling the ClipboardSessionController function until a patch is available. Restrict access to the vulnerable controller to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghost versions prior to 5.82.0 **Description** The issue allows CSV Injection during a member CSV export. **Recommendations** For Ghost versions prior to 5.82.0, update to version 5.82.0 or later to resolve the issue.