0X2E

**Name of the Vulnerable Software and Affected Versions** Phachon mm-wiki version 0.1.2 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. This could allow a remote attacker to execute arbitrary code, and any user browsing the document containing malicious code will trigger the issue. **Recommendations** For Phachon mm-wiki version 0.1.2, consider disabling the markdown editor until a patch is available to prevent exploitation. Restrict access to documents that may contain malicious JavaScript code to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Phachon mm-wiki version 0.1.2 **Description** A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the `system/user/save` parameter. **Recommendations** For Phachon mm-wiki version 0.1.2, consider restricting access to the `system/user/save` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gridea version 0.8.0 **Description** The issue allows for arbitrary code execution through an XSS vulnerability. This can be achieved by calling the Nodejs module, as demonstrated by the use of `child process.exec` and the substring `<img src=# onerror='eval(new Buffer(`. **Recommendations** For Gridea version 0.8.0, consider disabling the `child process.exec` function until a patch is available to prevent arbitrary code execution. Restrict access to the Nodejs module to minimize the risk of exploitation. Avoid using the `eval` function in the `onerror` attribute of the `img` tag until the issue is resolved.