
Avltree9798

#20644 of 53,633
12.2 CVSS total
Vulnerabilities · 2
Medium
2
PT-2019-15675
6.1
2019-11-07
Popojicms · Popojicms · CVE-2019-18815
**Name of the Vulnerable Software and Affected Versions** PopojiCMS version 2.0.1

**Description** The issue allows for open redirection via the `refer` parameter.

**Recommendations** For PopojiCMS version 2.0.1, consider restricting access to the `refer` parameter to minimize the risk of exploitation.

PT-2019-15676
6.1
2019-11-07
Popojicms · Popojicms · CVE-2019-18816
**Name of the Vulnerable Software and Affected Versions** PopojiCMS version 2.0.1

**Description** The issue concerns a stored XSS vulnerability. It is related to the `po-admin/route.php?mod=post&act=edit` endpoint, where the `post[1][content]` parameter is vulnerable.

**Recommendations** For PopojiCMS version 2.0.1, consider restricting access to the `po-admin/route.php?mod=post&act=edit` endpoint until a patch is available. Avoid using the `post[1][content]` parameter in this endpoint to minimize the risk of exploitation.