Piggyctf

**Name of the Vulnerable Software and Affected Versions** Total.js CMS version 1.0 **Description** The issue allows a remote attacker to execute arbitrary code via the func.js file. **Recommendations** For Total.js CMS version 1.0, update the func.js file to prevent arbitrary code execution or consider disabling the func.js file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Healthcare-Chatbot versions through 9b7058a **Description** A Cross Site Scripting issue can occur via a crafted payload to the `email1` or `pwd1` parameter in "login.php". **Recommendations** For Healthcare-Chatbot versions through 9b7058a, as a temporary workaround, consider restricting access to the "login.php" endpoint until a patch is available. Avoid using the parameters `email1` and `pwd1` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.