Monday, August 19, 2013

Cotonti SQL injection


An SQL injection vulnerability was discovered in Cotonti 0.9.13 (HTB23164). The vulnerability exists due to insufficient filtration of the "c" HTTP GET parameter passed to the "index.php" script when the HTTP GET "e" parameter is set to "rss". To fix it, upgrade to Cotonti 0.9.14.

Jahia xCM XSS vulnerabilities

Multiple XSS vulnerabilities have been discovered in Jahia xCM version 6.6.1.0 r43343 by High-Tech Bridge Security Research Lab. They can be exploited to perform cross-site scripting attacks against an administrator of the vulnerable application.

The vulnerabilities exist due to insufficient sanitisation of user-supplied data in the "site" HTTP GET parameter passed to the "/engines/manager.jsp" script; in the "searchString" HTTP POST parameter passed to the "/administration/" URI when "do=users" and "sub=search"; and in the "username", "manage-user-property#j:firstName", "manage-user-property#j:lastName", "manage-user-property#j:email" and "manage-user-property#j:organization" HTTP POST parameters passed to the "/administration/" URI when "do=users" and "sub=processCreate". The risk level of these issues is Low (CVSSv2 Base Score = 2.6).

It is recommended to apply hotfix 7, which is available to all customers.

Saturday, August 17, 2013

Duplicator WordPress Plugin cross-site scripting XSS vulnerability

Duplicator WordPress Plugin version 0.4.4 is vulnerable to cross-site scripting (XSS) because of insufficient filtration of user-supplied data in the "package" HTTP GET parameter passed to the "wp-content/plugins/duplicator/files/installer.cleanup.php" script. The vulnerability can be exploited against a logged-in administrator to steal login cookies. Upgrade to Duplicator version 0.4.5 to fix this vulnerability.

Additional details are provided here: www.htbridge.com/advisory/HTB23162.

Magnolia CMS cross-site scripting XSS vulnerability

Magnolia CMS versions 4.5.7 - 5.0.1 are vulnerable to cross-site scripting (XSS) due to insufficient sanitisation of user-supplied data in the "username", "fullname" and "email" HTTP POST parameters passed to the "magnoliaPublic/demo-project/members-area/registration.html" URL. Proof-of-concept code and a how-to-fix guide are available on the researcher's page: https://www.htbridge.com/advisory/HTB23163.
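
A log check for the GET-based issues listed above (Cotonti "c", Jahia "site", Duplicator "package"), as an added example that is not part of the original post or of any of these projects: it flags requests whose value for one of those parameters falls outside a conservative allowlist. The allowlist, the combined access log format and the sample lines are assumptions; POST parameters do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (path suffix, GET parameter, required other parameters), from the advisories above
WATCHED = [
    ("/index.php", "c", {"e": "rss"}),        # Cotonti 0.9.13
    ("/engines/manager.jsp", "site", {}),     # Jahia xCM 6.6.1.0 r43343
    ("/wp-content/plugins/duplicator/files/installer.cleanup.php",
     "package", {}),                          # Duplicator 0.4.4
]
# Assumption: legitimate values are plain identifiers or file names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]*")
# Request field of the common/combined log format (assumed format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from any real system.
SAMPLE = [
    '203.0.113.5 - - [19/Aug/2013:10:00:01 +0000] "GET /index.php?e=rss&c=news HTTP/1.1" 200 512',
    '203.0.113.9 - - [19/Aug/2013:10:00:07 +0000] "GET /index.php?e=rss&c=news%27 HTTP/1.1" 200 87',
    '203.0.113.9 - - [19/Aug/2013:10:00:09 +0000] "GET /index.php?e=page&c=news%27 HTTP/1.1" 200 87',
    '198.51.100.2 - - [19/Aug/2013:10:01:00 +0000] "GET /wp-content/plugins/duplicator/files/installer.cleanup.php?package=%3Cb%3E HTTP/1.1" 200 90',
    '198.51.100.2 - - [19/Aug/2013:10:01:04 +0000] "GET /engines/manager.jsp?site=mySite HTTP/1.1" 200 90',
]

def suspicious_hits(lines):
    """Return (line number, parameter, decoded value) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        for suffix, name, required in WATCHED:
            if not url.path.endswith(suffix):
                continue
            # Skip unless the advisory's precondition (e.g. e=rss) is met.
            if any(v not in params.get(k, []) for k, v in required.items()):
                continue
            hits += [(n, name, val) for val in params.get(name, [])
                     if not SAFE_VALUE.fullmatch(val)]
    return hits

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE):
        print(hit)
```

A hit is a lead for review, not proof of exploitation; tighten SAFE_VALUE to the values your own site actually uses.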