Scott Sturrock

Rank: #13465 of 53,632
Total CVSS: 19.7
Vulnerabilities · 3
Medium: 2
High: 1

PT-2025-40538
CVSS 8.2
2025-10-03
Unknown · Directadmin · CVE-2025-56551
**Name of the Vulnerable Software and Affected Versions**
DirectAdmin version 1.680
**Description**
An issue allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content. This is achieved by submitting a crafted GET request.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-25360
CVSS 5.4
2022-09-23
Unknown · Ajaxplorer · CVE-2022-40358
**Name of the Vulnerable Software and Affected Versions**
AjaXplorer version 4.2.3
**Description**
An issue in AjaXplorer allows attackers to cause cross-site scripting vulnerabilities via a crafted svg file upload.
**Recommendations**
For AjaXplorer version 4.2.3, consider restricting the upload of svg files to prevent cross-site scripting attacks until a patch is available.

PT-2022-25361
CVSS 6.1
2022-09-23
Kfm · Kfm · CVE-2022-40359
**Name of the Vulnerable Software and Affected Versions**
kfm versions through 1.4.7
**Description**
A cross-site scripting (XSS) issue exists, allowing for the execution of malicious scripts via a crafted GET request to the "/kfm/index.php" API endpoint.
**Recommendations**
For versions through 1.4.7, update to a version that contains a fix for this issue.