Stypr

**Name of the Vulnerable Software and Affected Versions** Pi-hole versions prior to 5.8 **Description** The issue affects Pi-hole's Web interface, which is based on AdminLTE, allowing for cross-site scripting when adding a client via the groups-clients management page. This issue was patched in version 5.8. **Recommendations** For versions prior to 5.8, update to version 5.8 to resolve the issue. As a temporary workaround, consider restricting access to the groups-clients management page until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SOY Inquiry versions 2.0.0.3 and earlier **Description** The issue affects the SOY Inquiry component of SOY CMS, allowing remote attackers to force administrators to edit files by loading a specially crafted webpage. This can happen when an administrator is logged in. **Recommendations** For SOY Inquiry versions 2.0.0.3 and earlier, update to version 2.0.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SoyCMS versions 3.0.2 and earlier **Description** The issue allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage, leading to Remote Code Execution (RCE) due to Reflected Cross-Site Scripting (XSS). **Recommendations** For SoyCMS versions 3.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.3.6 and earlier baserCMS versions 4.2.0 through 4.3.6 baserCMS versions 3.0.10 through 4.3.6 **Description** The issue affects baserCMS, allowing for Cross Site Scripting (XSS) and Remote Code Execution (RCE) due to arbitrary file upload. This can be executed by logging in as a system administrator and uploading an executable script file, such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. **Recommendations** For versions 4.3.6 and earlier, update to version 4.3.7 to resolve the issue. For versions 4.2.0 through 4.3.6, update to version 4.3.7 to mitigate the XSS risk. For versions 3.0.10 through 4.3.6, update to version 4.3.7 to mitigate the RCE risk. As a temporary workaround, consider restricting access to the ThemeFilesController.php and UploaderFilesController.php components until a patch is applied. Avoid uploading executable script files, such as PHP files, to minimize the risk of exploitation.