Yanc1Eo

Name of the Vulnerable Software and Affected Versions: hooskcms version 1.8 Description: The issue allows a remote attacker to cause a denial of service via the custom Link title parameter and the `Title` parameter. This is related to a Cross Site Scripting vulnerability. Recommendations: For hooskcms version 1.8, avoid using the `Title` parameter and the custom Link title parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: hooskcms version 1.7.1 Description: The issue allows a remote attacker to obtain sensitive information through the "/install/index.php" component. This is due to a Cross Site Scripting vulnerability. Recommendations: For hooskcms version 1.7.1, consider disabling access to the "/install/index.php" component until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: hooskcms version 1.7.1 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the "/install/index.php" component. Recommendations: For hooskcms version 1.7.1, update to a version that fixes this issue, as using the current version poses a risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FeMiner wms version 1.0 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the "inquire inout item.php" component. Recommendations: For FeMiner wms version 1.0, consider restricting access to the "inquire inout item.php" component until a patch is available.

Name of the Vulnerable Software and Affected Versions: FeMiner WMS version 1.0 Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the `itemid` parameter. Recommendations: For FeMiner WMS version 1.0, avoid using the parameter `itemid` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FeMiner wms version 1.0 Description: The issue allows a remote attacker to obtain sensitive information through the parameters `date1`, `date2`, and `id`. This is due to a SQL injection vulnerability. Recommendations: For FeMiner wms version 1.0, avoid using the parameters `date1`, `date2`, and `id` until the issue is resolved. As a temporary workaround, consider restricting access to these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FeMiner wms version 1.0 Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the `databak.php` component. This enables the attacker to access confidential data. Recommendations: For FeMiner wms version 1.0, consider restricting access to the `databak.php` component until a patch is available. As a temporary workaround, limit the information that can be accessed through this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.