
Denpiligrim

#16956 of 53,632
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2026-21840
6.1
2026-02-25
Repostat · Repostat · CVE-2026-27612
**Name of the Vulnerable Software and Affected Versions**

Repostat versions prior to 1.0.1

**Description**

Repostat, a React component used to display GitHub repository information, contains a Reflected Cross-Site Scripting (XSS) issue. The `RepoCard` component previously used `dangerouslySetInnerHTML` to render the repository name (`repo` prop) during the loading state without proper sanitization. This allowed for the execution of arbitrary JavaScript in a user's browser if an attacker could control the input passed into the `repo` prop. The issue was addressed in version 1.0.1 by removing the use of `dangerouslySetInnerHTML` and utilizing standard React JSX data binding for safe rendering.

**Recommendations**

Update Repostat to version 1.0.1 or later.
PT-2026-6836
9.8
2026-02-06
Unknown · 3Dp-Manager · CVE-2026-25803
**Name of the Vulnerable Software and Affected Versions**

3DP-MANAGER versions 2.0.1 and prior

**Description**

3DP-MANAGER, an inbound generator for 3x-ui, automatically creates an administrative account with default credentials (admin/admin) upon initial setup. An attacker with network access to the application’s login interface can exploit this to gain full administrative control, including the ability to manage VPN tunnels and system settings.

**Recommendations**

Update to version 2.0.2 to resolve this issue.