
Acfirthh

#16696 of 53,622
16.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2026-39217 · CVSS 6.3 · 2026-05-08
Grimmory · Grimmory · CVE-2026-42451

**Name of the Vulnerable Software and Affected Versions** Grimmory versions prior to 2.3.1

**Description** A stored cross-site scripting (XSS) issue in the browser-based EPUB reader allows an attacker to embed arbitrary JavaScript within a crafted EPUB file. When a user opens the affected book, the script executes in the browser with full access to the application's session context. This can lead to session token theft and account takeover, including administrative access if an administrator opens the file.

**Recommendations** Update to version 2.3.1.

PT-2025-50895 · CVSS 9.8 · 2025-12-12
Fireshare · Fireshare · CVE-2025-67728

**Name of the Vulnerable Software and Affected Versions** Fireshare versions 1.2.30 and below

**Description** Fireshare is a self-hosted media and link sharing platform. Versions 1.2.30 and below allow an authenticated user, or an unauthenticated user if Public Uploads are enabled, to construct a malicious filename during video file uploads. The `filename` variable is concatenated directly into a shell command, potentially enabling path traversal for file uploads to arbitrary directories or Remote Code Execution (RCE).

**Recommendations** Update Fireshare to version 1.3.0 or later.