Shark

**Name of the Vulnerable Software and Affected Versions** The Holiday Calendar plugin versions prior to 1.11.3 **Description** A security issue exists due to the presence of XSS in the plugin, which can be exploited via the `thc-month` parameter. **Recommendations** For versions prior to 1.11.3, update to version 1.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter `thc-month` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JExperts Channel Platform version 5.0.33 CCB **Description** The issue allows remote authenticated users to bypass access restrictions. This is achieved by using crafted `action` and `key` parameters. **Recommendations** For JExperts Channel Platform version 5.0.33 CCB, consider restricting access to sensitive areas until a fix is available, and avoid using crafted `action` and `key` parameters to minimize the risk of exploitation.