Srpopty

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 4.2.0 through 4.3.1 **Description** The issue is caused by a lack of input validation, resulting in an open redirect and XSS issue within the new mfa selection screen. **Recommendations** For Joomla! versions 4.2.0 through 4.3.1, update to a version that includes the necessary input validation to prevent open redirect and XSS issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Typecho version 1.2.0 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the Comment Manager component, specifically through the "/admin/manage-comments.php" API endpoint. This enables the attacker to inject malicious scripts into the application. **Recommendations** For Typecho version 1.2.0, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the "/admin/manage-comments.php" endpoint to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.106 **Description** A SQL injection issue allows a remote attacker to execute arbitrary code via the `rank *` parameter in the "/dedestory catalog.php" endpoint. **Recommendations** For DedeCMS version 5.7.106, as a temporary workaround, consider restricting access to the "/dedestory catalog.php" endpoint until a patch is available. Avoid using the `rank *` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.106 **Description** A SQL injection issue allows a remote attacker to execute arbitrary code via the `rank *` parameter in the "/dede/group store.php" endpoint. **Recommendations** For DedeCMS version 5.7.106, consider restricting access to the "/dede/group store.php" endpoint until a patch is available, and avoid using the `rank *` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Typecho version 1.2.0 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the `Post Editor` parameter. This enables the attacker to inject malicious scripts into the website, potentially leading to unauthorized access or data theft. **Recommendations** For Typecho version 1.2.0, as a temporary workaround, consider disabling the `Post Editor` parameter until a patch is available. Restrict access to the Post Editor feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Typecho version 1.2.0 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For Typecho version 1.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DiscuzX version 3.4 **Description** A cross site scripting (XSS) issue allows attackers to execute arbitrary code via the `datetline`, `title`, `tpp`, or `username` parameters through the audit search. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions. **Recommendations** For DiscuzX version 3.4, as a temporary workaround, consider restricting access to the audit search function until a patch is available. Additionally, avoid using the `datetline`, `title`, `tpp`, or `username` parameters in the audit search until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions 1.6.0 and earlier **Description** A reflected-XSS issue was discovered in the article publish component. The issue is related to the cookie `ENV LIST URL`. **Recommendations** For EyouCMS versions 1.6.0 and earlier, update to a version later than 1.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the article publish component until a patch is available. Avoid using the cookie `ENV LIST URL` in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.6.0 **Description** A reflected-XSS issue was discovered in the FileManager component. The issue occurs in the GET parameter `filename` when editing any file. **Recommendations** For EyouCMS versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.6.0 **Description** A reflected-XSS issue was discovered in the article attribute editor component. This occurs when the POST value `value` contains a non-integer character. **Recommendations** For EyouCMS versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.6.0 **Description** A reflected-XSS issue was discovered in the article type editor component. The issue occurs when the POST value `name` contains a malformed UTF-8 character. **Recommendations** For EyouCMS versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing the `name` parameter in the POST request to prevent the injection of malformed UTF-8 characters.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.6.0 **Description** A reflected-XSS issue was discovered in the FileManager component. The issue occurs when creating a new file and is related to the `activepath` variable in the GET request. **Recommendations** For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.6.0 **Description** A reflected-XSS issue was discovered in the article publish component. The issue is related to the cookie `ENV GOBACK URL`. **Recommendations** For EyouCMS versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.