南风过境-梦至西洲

**Name of the Vulnerable Software and Affected Versions** Rebuild version 3.2 **Description** A vulnerability has been found and classified as problematic, affecting unknown code and leading to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** To resolve the issue, change the configuration settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dromara J2eeFAST versions up to 2.6.0 **Description** A problematic issue affects the System Message Handler component, where the manipulation of the argument `主题` or `??` leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For Dromara J2eeFAST versions up to 2.6.0, apply the patch named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d to fix this issue. As a temporary workaround, consider restricting the manipulation of the `主题` or `??` argument in the System Message Handler component until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** Dromara J2eeFAST versions up to 2.6.0 **Description** A problematic issue was found in the Announcement Handler component. The manipulation of the argument `系统工具/公告管理` or `????/????` leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Dromara J2eeFAST versions up to 2.6.0, apply a patch to fix this issue. The patch name is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. As a temporary workaround, consider restricting access to the Announcement Handler component until the patch is applied.