Chimmeee

**Name of the Vulnerable Software and Affected Versions** Lute versions prior to 1.7.7 **Description** Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting (XSS) issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into Markdown text or a note. When another user clicks the rendered content, the script executes within their session. **Recommendations** Update to version 1.7.7 or later.

**Name of the Vulnerable Software and Affected Versions** vvveb CMS version 1.0.6 **Description** The issue allows a remote attacker to execute arbitrary code via the Plugin mechanism. **Recommendations** For vvveb CMS version 1.0.6, consider disabling the Plugin mechanism until a patch is available.