CVE-2026-28130

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through = 4.14.0...

CVE-2025-63062

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through = 4.14.0...