Thinhnee

**Name of the Vulnerable Software and Affected Versions** dameng100 muucmf version 1.9.5.20260309 **Description** A remote SQL injection exists in the function `getListByPage()` within the file '/index/Search/index.html'. This issue occurs when the `keyword` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `getListByPage()` function or avoid using the `keyword` parameter in the '/index/Search/index.html' file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions gougucms version 4.08.18 Description A flaw exists in gougucms version 4.08.18 within the User Registration Handler component. Specifically, the `reg submit` function in the file gougucms-masterapphomecontrollerLogin.php is susceptible to manipulation of the `level` argument, resulting in dynamically-determined object attributes. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions gougucms version 4.08.18 Description A cross-site scripting issue exists in gougucms 4.08.18. The issue is located in an unknown function of the file `gougucms-masterappadminviewuserrecord.html` within the Record Endpoint component. Manipulation of the `value.content` argument can lead to cross-site scripting. The attack can be initiated remotely, and the exploit has been publicly released. The vendor was contacted but did not respond. Recommendations For gougucms version 4.08.18, address the cross-site scripting issue by sanitizing the `value.content` argument in the `gougucms-masterappadminviewuserrecord.html` file of the Record Endpoint component.

**Name of the Vulnerable Software and Affected Versions** dameng100 muucmf version 1.9.5.20260309 **Description** A flaw exists in dameng100 muucmf version 1.9.5.20260309. The issue involves cross site scripting triggered by manipulating the `Search` argument in the file `/admin/Member/index.html`. The attack can be initiated remotely via an unknown function. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dameng100 muucmf version 1.9.5.20260309 **Description** A cross site scripting issue exists in dameng100 muucmf. The issue is located in the file `/admin/extend/list.html` within an unknown function. Manipulating the `Name` argument can lead to exploitation. The exploit has been publicly disclosed. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dameng100 muucmf version 1.9.5.20260309 **Description** A security issue exists in dameng100 muucmf version 1.9.5.20260309. The issue is related to cross site scripting, stemming from manipulation of the `keyword` argument within an unknown function of the file `channel/admin.Account/autoReply.html`. This allows for remote attacks. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dameng100 muucmf version 1.9.5.20260309 **Description** A cross site scripting issue exists due to manipulation of the `Name` argument. The issue is located in an unknown function within the file '/admin/config/list.html'. The attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.