Ro6Otxx

**Name of the Vulnerable Software and Affected Versions** PESCMS version 2.3.3 **Description** A reflected XSS issue was found, which when combined with a CSRF in the same file, can lead to more significant damage. **Recommendations** For version 2.3.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PESCMS version 2.3.3 **Description** An issue was discovered in PESCMS where there is a CSRF vulnerability that can delete import information about a user's company. **Recommendations** For PESCMS version 2.3.3, as a temporary workaround, consider implementing CSRF protection measures to prevent unauthorized requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PESCMS version 2.3.3 **Description** An issue was discovered that allows attackers to delete admin and other members' account numbers due to a CSRF vulnerability. **Recommendations** For PESCMS version 2.3.3, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive account management features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.