Snowhy

**Name of the Vulnerable Software and Affected Versions** MetInfo CMS version 8.0 **Description** A stored Cross-Site Scripting (XSS) flaw exists due to inadequate validation and sanitization of SVG file uploads within the `appsystemincludemoduleeditorUploader.class.php` component. This allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MetInfo CMS version 8.0 **Description** A stored Cross-Site Scripting (XSS) issue exists in the download management module of the software. The vulnerability is located in the `appsystemdownloadadmindownload admin.class.php` component. Attackers can upload malicious SVG files containing JavaScript code. This code executes when a user views or accesses the uploaded file. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MetInfo CMS version 8.0 **Description** A stored Cross-Site Scripting (XSS) issue exists in MetInfo CMS. The vulnerability is located in the column management module, specifically within the `appsystemcolumnadminindex.class.php` component. Attackers can exploit this to upload malicious SVG files that contain JavaScript code. When these files are viewed or accessed by users, the embedded JavaScript code executes. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.5.19 **Description** A stored Cross-Site Scripting (XSS) issue exists due to inadequate validation of SVG file uploads within the `/admin/media.php` component. This allows attackers to upload malicious SVG files containing JavaScript code. When these files are viewed, the embedded JavaScript code executes. The vulnerable component is the SVG file upload functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.1 **Description** An information disclosure issue exists in SeaCMS 13.1. The flaw is located in the `admin safe.php` component within the `/btcoan/` directory. Authenticated administrators can scan and download the application’s source code and potentially any file accessible on the server’s root directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.