CVE-2022-38444 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file.
CVE Solution: Update
CVE-2022-40047 Flatpress v1.2.1 has an XSS vulnerability via the page parameter in the admin section.
An attacker can inject malicious script code in the page parameter to execute arbitrary script code in the browser of an unsuspecting user through this