V2Ish1Yan

**Name of the Vulnerable Software and Affected Versions** EyouCMS version 1.6.5 **Description** A critical issue affects the Backend component of EyouCMS, specifically the file /login.php?m=admin&c=Field&a=channel edit. The manipulation of the `channel id` argument leads to deserialization. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For EyouCMS version 1.6.5, as a temporary workaround, consider restricting access to the /login.php?m=admin&c=Field&a=channel edit endpoint until a patch is available. Avoid manipulating the `channel id` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A vulnerability was found in the software, classified as problematic. It affects some unknown functionality of the file "/admin/?page=product/manage product&id=2". The manipulation of the `Product Name` argument leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For version 1.0, consider disabling the functionality related to the "/admin/?page=product/manage product&id=2" file until a patch is available. Restrict access to the `Product Name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.