
Deenrookie

Researcher from Tencent Xcheck team
#16844 of 53,632
15.9 Total CVSS
Vulnerabilities · 2
Medium · 1
Critical · 1
PT-2021-10796
6.1
2021-04-29
Unknown · Yii2 Fecshop · CVE-2020-22808
**Name of the Vulnerable Software and Affected Versions** yii2 fecshop versions 2.x

**Description** A reflected XSS issue was discovered in the check cart page, allowing for potential malicious script execution.

**Recommendations** For yii2 fecshop versions 2.x, update to a version that includes a fix for this issue. At the moment, however, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-10922
9.8
2021-01-13
Unknown · Thinkadmin · CVE-2020-23653
**Name of the Vulnerable Software and Affected Versions** ThinkAdmin versions 4.x through 6.x **Description** An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php" and "app/wechat/controller/api/Push.php". **Recommendations** For ThinkAdmin versions 4.x through 6.x, consider disabling access to the `Update.php` and `Push.php` files in the `app/admin/controller/api` and `app/wechat/controller/api` directories, respectively, until a patch is available. Restricting access to these files can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.