Cray0Nlee

**Name of the Vulnerable Software and Affected Versions** PerfreeBlog version 4.0.11 **Description** A stored cross-site scripting vulnerability exists in the website name field of the backend system settings interface, allowing an attacker to insert and execute arbitrary malicious code. **Recommendations** For PerfreeBlog version 4.0.11, consider disabling the website name field in the backend system settings interface until a patch is available. Restrict access to the backend system settings interface to minimize the risk of exploitation. Avoid using the website name field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PerfreeBlog version 4.0.11 **Description** The issue allows regular users to exploit an arbitrary file upload vulnerability in the attach component, enabling them to upload arbitrary files and execute code within them. **Recommendations** For PerfreeBlog version 4.0.11, consider disabling the attach component until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to the attach component to minimize the risk of uploading and executing malicious files.