Riteshgupta1993

#21853 of 53,633
10.8 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2018-13705
5.4
2018-09-12
Feindura · Feindura · CVE-2018-16728
**Name of the Vulnerable Software and Affected Versions**

feindura version 2.0.7

**Description**

The issue allows for XSS via the `tags` field of a new page created at "index.php?category=0&page=new".

**Recommendations**

For feindura version 2.0.7, consider restricting access to the `tags` field in the new page creation process at "index.php?category=0&page=new" until a patch is available.
PT-2018-13706
5.4
2018-09-12
Pluck · Pluck · CVE-2018-16729
**Name of the Vulnerable Software and Affected Versions**

Pluck version 4.7.7

**Description**

The issue allows for XSS (Cross-Site Scripting) attacks via an SVG file containing JavaScript in a SCRIPT element. This file can be uploaded through the 'pages->manage' section under the 'admin.php?action=files' endpoint.

**Recommendations**

For Pluck version 4.7.7, consider restricting access to the file upload functionality under 'admin.php?action=files' to minimize the risk of exploitation. As a temporary workaround, avoid using the file upload feature in the 'pages->manage' section until a patch is available.