Isecream

**Name of the Vulnerable Software and Affected Versions** JPress version 1.0-rc.5 **Description** The issue concerns stored XSS that can be triggered via the first three input fields. This is demonstrated by the `web name` parameter in the "/starter-tomcat-1.0/admin/setting" API endpoint. **Recommendations** For JPress version 1.0-rc.5, as a temporary workaround, consider restricting access to the "/starter-tomcat-1.0/admin/setting" API endpoint until a patch is available. Avoid using the `web name` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PublicCMS version 4.0 **Description** An issue in PublicCMS allows cross-site scripting (XSS) by modifying the `page list` "attached" attribute. This can be achieved through an SQL statement, such as 'UPDATE sys module SET attached = "[XSS]" WHERE id="page list"'. **Recommendations** For PublicCMS version 4.0, update the `page list` "attached" attribute to prevent XSS attacks, ensuring that user input is properly sanitized to avoid malicious script execution. As a temporary workaround, consider restricting access to the `sys module` table to minimize the risk of exploitation.