S4Fv4N

**Name of the Vulnerable Software and Affected Versions** Codoforum version 4.9 **Description** An arbitrary file upload vulnerability in the Add Category function allows attackers to execute arbitrary code via uploading a crafted file. **Recommendations** For Codoforum version 4.9, consider disabling the Add Category function until a patch is available to prevent exploitation. Restrict access to file upload features to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Codoforum version 4.9 **Description** The issue is a Stored Cross-Site Scripting (XSS) vulnerability, which allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the Category name component. **Recommendations** For Codoforum version 4.9, consider disabling the Category name component until a patch is available to prevent exploitation of the Stored Cross-Site Scripting (XSS) vulnerability.

**Name of the Vulnerable Software and Affected Versions** JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 **Description** An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. **Recommendations** For JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15, consider disabling the Network Troubleshooting functionality as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.