Dtwin

**Name of the Vulnerable Software and Affected Versions** dazhouda lecms version 3.0.3 **Description** A vulnerability has been found in dazhouda lecms, affecting an unknown part of the file "/index.php?my-profile-ajax-1" of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For dazhouda lecms version 3.0.3, consider disabling access to the "/index.php?my-profile-ajax-1" endpoint until a patch is available. Restrict access to the Personal Information Page component to minimize the risk of exploitation. Avoid using the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dazhouda lecms version 3.0.3 **Description** A vulnerability was found in the software, which has been rated as problematic. It affects some unknown functionality of the file admin/view/default/user set.htm, leading to information disclosure. The attack may be launched remotely. **Recommendations** For dazhouda lecms version 3.0.3, consider restricting access to the file admin/view/default/user set.htm to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** dazhouda lecms versão 3.0.3 **Descrição** Foi identificado um problema no componente Password Change Handler, afetando o arquivo /index.php?my-password-ajax-1. Isso resulta em falsificação de solicitação entre sites (CSRF) e pode ser iniciado remotamente. O exploit foi divulgado publicamente. **Recomendações** Para o dazhouda lecms versão 3.0.3, considere desativar a funcionalidade `my-password-ajax-1` no componente Password Change Handler até que um patch esteja disponível. Restrinja o acesso ao endpoint `/index.php?my-password-ajax-1` para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** dazhouda lecms versions up to 3.0.3 **Description** A problematic issue has been found in the affected software, impacting some unknown functionality of the file `/admin` of the component Edit Profile Handler. This issue leads to cross site scripting and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For versions up to 3.0.3, consider disabling the Edit Profile Handler component until a patch is available. Restrict access to the `/admin` file to minimize the risk of exploitation. Avoid using the affected functionality of the Edit Profile Handler component until the issue is resolved.

**Nome do Software Vulnerável e Versões Afetadas** caipeichao ThinkOX versão 1.0 **Descrição** Uma vulnerabilidade problemática foi encontrada no componente de Pesquisa do software. O problema está relacionado à manipulação do argumento `keywords`, o que leva a cross-site scripting. Isso pode ser iniciado remotamente. O exploit foi divulgado publicamente. **Recomendações** Para a versão 1.0, considere restringir o acesso ao endpoint `/ThinkOX-master/index.php?s=/Weibo/Index/search.html` para minimizar o risco de exploração. Como solução temporária, evite usar o argumento `keywords` no componente de Pesquisa afetado até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.