Heroanswer

Researcher defarmsec security team
#20681 of 53,624
12.2 CVSS total
Vulnerabilities · 2
Medium
2
PT-2023-11571
6.1
2023-05-08
Typecho · Typecho · CVE-2020-21038
**Name of the Vulnerable Software and Affected Versions**
Typecho versions 1.1 through 17.10.30-release

**Description**
The issue is related to an open redirect vulnerability. It can be exploited via the `referer` parameter to the "Login.php" endpoint.

**Recommendations**
For Typecho versions 1.1 through 17.10.30-release, consider restricting access to the `referer` parameter in the Login.php endpoint until a patch is available. Avoid using the `referer` parameter in the affected Login.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-19022
6.1
2019-02-17
Onenote · Vnote · CVE-2019-8419
**Name of the Vulnerable Software and Affected Versions**
VNote version 2.2

**Description**
The issue is related to a Cross-Site Scripting (XSS) flaw that can be triggered via a new text note.

**Recommendations**
For VNote version 2.2, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.