Shaojiejiang

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork version 5.1-0 **Description** A cross-site scripting (XSS) issue exists in the EyesOfNetwork web interface, allowing remote authenticated administrators to inject arbitrary web script or HTML. This can be achieved by manipulating the `object` parameter in the `module/admin conf/index.php` API endpoint. **Recommendations** For version 5.1-0, as a temporary workaround, consider restricting access to the `module/admin conf/index.php` endpoint until a patch is available. Avoid using the `object` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork version 5.1-0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the `bp name` parameter to the "/module/admin bp/add services.php" API endpoint. **Recommendations** For EyesOfNetwork version 5.1-0, as a temporary workaround, consider restricting access to the "/module/admin bp/add services.php" API endpoint until a patch is available. Avoid using the `bp name` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork version 5.1-0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface. This allows remote authenticated users to inject arbitrary web script or HTML via the `url` parameter to "module/module frame/index.php". **Recommendations** For version 5.1-0, consider restricting access to the module frame/index.php module until a patch is available. As a temporary workaround, avoid using the `url` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork version 5.1-0 **Description** A cross-site scripting (XSS) issue exists in the EyesOfNetwork web interface, allowing remote authenticated users to inject arbitrary web script or HTML. This is achieved by manipulating the `filter` parameter in the `/module/module filters/index.php` API endpoint. **Recommendations** For version 5.1-0, as a temporary workaround, consider restricting access to the `/module/module filters/index.php` endpoint until a patch is available. Avoid using the `filter` parameter in this endpoint to minimize the risk of exploitation.