Eveo

**Name of the Vulnerable Software and Affected Versions** xnx3 wangmarket versions up to 4.9 **Description** A security flaw exists in xnx3 wangmarket up to version 4.9, specifically within the System Variables Page functionality located at the '/admin/system/variableSave.do' file. Manipulation of the `Description` argument can lead to cross site scripting. The exploit has been publicly released and may be used for attacks. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xnx3 wangmarket versions prior to 4.9 **Description** A weakness exists in xnx3 wangmarket that may allow for cross site scripting. The issue affects the `variableList` function within the `/admin/system/variableList.do` file of the Backend Variable Search component. Manipulation of the `Description` argument can be exploited remotely. The exploit has been publicly released. **Recommendations** Versions prior to 4.9 should be updated. As a temporary workaround, consider restricting access to the `/admin/system/variableList.do` endpoint to minimize the risk of exploitation.