Yundiaoo

Name of the Vulnerable Software and Affected Versions: umeditor version 1.2.3 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the /public/common/umeditor/php/getcontent.php endpoint. Recommendations: For umeditor version 1.2.3, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: ThinkCMF version 5.1.0 Description: The issue is related to a Cross Site Request Forgery (CSRF) vulnerability, which can be exploited to add an admin account. This allows an attacker to potentially gain unauthorized access to the system. Recommendations: For ThinkCMF version 5.1.0, update to a newer version that contains a fix for this issue, as using this version poses a significant security risk due to the potential for unauthorized admin account creation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: The issue is related to a SQL Injection vulnerability in the search page of Subrion CMS when a website uses a PDO connection. Recommendations: For Subrion CMS version 4.2.1, consider disabling the search functionality until a patch is available to prevent potential SQL Injection attacks. Restrict access to the search page to minimize the risk of exploitation.