Lsda24

**Name of the Vulnerable Software and Affected Versions** y project RuoYi version 4.7.8 **Description** A vulnerability was found in the HTTP POST Request Handler component, specifically affecting the /login file. The issue arises from the manipulation of the `rememberMe` argument with malicious input, leading to cross-site scripting. The attack can be initiated remotely. **Recommendations** For y project RuoYi version 4.7.8, as a temporary workaround, consider restricting access to the `/login` endpoint or disabling the `rememberMe` argument until a patch is available. Avoid using the `rememberMe` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZenTao PMS version 18.8 **Description** A problematic vulnerability was found in the software, affecting an unknown functionality, which leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For ZenTao PMS version 18.8, update to a newer version to mitigate the risk, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the affected functionality to minimize the risk of exploitation.