Unclej4Ck

**Name of the Vulnerable Software and Affected Versions** TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 **Description** A stored Cross-Site Scripting (XSS) issue exists in the media plugin. Attackers can inject malicious scripts using specially crafted `data-mce-*` attributes, which are then executed when the content is rendered. This affects users who have the media plugin enabled. **Recommendations** Update to version 5.11.1. Update to version 7.9.3. Update to version 8.5.1. As a temporary mitigation, disable the media plugin to prevent the execution of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** GLPI versions 10.0.0 through 10.0.23 GLPI versions prior to 11.0.6 **Description** An authenticated user can perform a SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution, via the logs export feature. **Recommendations** Update to version 10.0.24. Update to version 11.0.6.