Vuquyen03

**Name of the Vulnerable Software and Affected Versions** Frappe Framework version 15.89.0 **Description** A flaw exists within the Attachments module that permits arbitrary file uploads. Successful exploitation, involving the upload of a specially crafted XML file, could lead to the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Umbraco CMS version 16.3.3 **Description** An arbitrary file upload issue exists in Umbraco CMS version 16.3.3. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file. The supplier disputes responsibility, stating file validation is the system administrator's responsibility. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Piranha CMS version 12.1 **Description** A stored cross-site scripting (XSS) issue exists in the Page Settings module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Excerpt field. **Recommendations** Update Piranha CMS to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all input to the Excerpt field in the Page Settings module to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Piranha CMS version 12.1 **Description** A stored cross-site scripting (XSS) issue exists in the Media module. An attacker can inject a crafted payload into the `Name` field to execute arbitrary web scripts or HTML. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.