
Zftishack

#18929 of 53,624
14.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-22413 · CVSS 5.4 · 2023-04-18
Unknown · Dreamer Cms · CVE-2023-29774

**Name of the Vulnerable Software and Affected Versions** Dreamer CMS version 3.0.1

**Description** Dreamer CMS is affected by stored cross-site scripting (XSS), which allows attackers to inject malicious scripts into content. This can lead to the execution of unauthorized code on the client side.

**Recommendations** For Dreamer CMS version 3.0.1, there is currently no information about a newer version that contains a fix for this vulnerability.
PT-2022-22438 · CVSS 8.8 · 2022-08-03
Jfinalcms · Jfinalcms · CVE-2022-34928

**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0

**Description** A SQL injection issue was discovered in JFinal CMS via the `/system/user` API endpoint. This allows for potential exploitation.

**Recommendations** For JFinal CMS version 5.1.0, consider restricting access to the `/system/user` API endpoint until a patch is available. As a temporary workaround, avoid using sensitive queries in this endpoint to minimize the risk of exploitation. There is currently no information about a newer version that contains a fix for this vulnerability.