Zeel Chavda

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.9.11 **Description** The issue allows for CSRF, which can be exploited by an attacker to perform unintended actions on the affected system. **Recommendations** For versions prior to 2.9.11, update to version 2.9.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.9.11 **Description** The issue concerns CSV injection in reports within the admin backend. **Recommendations** For versions prior to 2.9.11, update to version 2.9.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** The issue in Subrion CMS allows for XSS due to the `uploads/.htaccess` file not blocking .html file uploads, while it does block other file types such as .htm. **Recommendations** For Subrion CMS version 4.2.1, consider restricting or blocking .html file uploads in the `uploads/.htaccess` file as a temporary workaround until a patch is available.