Szfsiro

**Name of the Vulnerable Software and Affected Versions** Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 **Description** The issue allows an attacker to execute arbitrary remote code via the `Upfile` function of the "extend/tools/Ueditor" endpoint. This enables remote code execution, potentially leading to severe security consequences. **Recommendations** For Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075, consider disabling the `Upfile` function of the extend/tools/Ueditor endpoint as a temporary workaround until a patch is available. Restrict access to the extend/tools/Ueditor endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HisiPHP version 2.0.8 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It is associated with the failure to protect the web page structure, specifically via the group name in addgroup.html. This could allow a remote attacker to perform cross-site scripting attacks. **Recommendations** For HisiPHP version 2.0.8, as a temporary workaround, consider restricting access to the addgroup.html component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.