Priyank Sethi

**Name of the Vulnerable Software and Affected Versions** Twonky Server versions prior to 8.5.1 **Description** The issue allows for XSS via a folder name on the Shared Folders screen. **Recommendations** For versions prior to 8.5.1, update to version 8.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Twonky Server versions prior to 8.5.1 **Description** The issue allows for XSS via a modified `language` parameter in the Language section. **Recommendations** For versions prior to 8.5.1, update to version 8.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Language section until the update is applied. Avoid using modified `language` parameters in the affected section until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Frog CMS version 0.9.5 **Description** The issue concerns a security problem where an attacker can inject malicious code. This is possible through the `name` field when creating a new "File" or "Directory" on the admin screen, specifically at the "plugin/file manager/browse/" endpoint. **Recommendations** For Frog CMS version 0.9.5, as a temporary workaround, consider restricting access to the `plugin/file manager/browse/` endpoint until a patch is available. Avoid using the `name` field in the affected endpoint until the issue is resolved.