Jas0Nwhy

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 6.61 **Description** The issue is related to a problem where an attacker can execute arbitrary code via the `v content` parameter in the `admin video.php` file, which is linked to the site name. **Recommendations** For SeaCMS version 6.61, avoid using the `v content` parameter in the `admin video.php` file until a fix is available. As a temporary workaround, consider restricting access to the `admin video.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 4.1.0 **Description** The issue is related to a form parameter in a specific page. The `remark` parameter in the form on the page index.php?m=link&f=index&v=add is vulnerable to XSS attacks. **Recommendations** For WUZHI CMS version 4.1.0, consider restricting access to the `index.php?m=link&f=index&v=add` page until a fix is available, and avoid using the `remark` parameter in the form on this page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 4.1.0 **Description** The issue is related to a form parameter in a specific PHP file, allowing for XSS attacks. The vulnerable parameter is `statcode` in the form on the page index.php?m=core&f=set&v=basic. **Recommendations** For WUZHI CMS version 4.1.0, as a temporary workaround, consider restricting access to the index.php?m=core&f=set&v=basic page to minimize the risk of exploitation. Avoid using the `statcode` parameter in the affected form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.