Dev03301

**Name of the Vulnerable Software and Affected Versions** MikeCen WeChat-Face-Recognition (affected versions not specified) **Description** A security flaw exists in MikeCen WeChat-Face-Recognition. The issue involves cross site scripting resulting from manipulation of the `echostr` argument within the `valid` function of the `wx.php` file. This attack can be launched remotely. The product does not use versioning, and information about affected and unaffected releases is unavailable. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wangchenyi1996 chat forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2 **Description** A flaw exists in wangchenyi1996 chat forum, potentially allowing for cross site scripting. The issue is related to the manipulation of the `path` argument within the `/q.php` file and an unknown function. The attack can be initiated remotely. This product operates on a rolling release basis, meaning there are no specific version details for affected or updated releases. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: editso fuso versions up to 1.0.4-beta.7 Description: A flaw exists due to inadequate encryption strength caused by the manipulation of the `priv key` argument within the `PenetrateRsaAndAesHandshake` function located in the `src/net/penetrate/handshake/mod.rs` file. Remote exploitation is possible, but requires a high degree of complexity and is considered difficult to execute. Recommendations: Versions prior to 1.0.4-beta.7: Address the inadequate encryption strength in the `PenetrateRsaAndAesHandshake` function by carefully validating and sanitizing the `priv key` argument. As a temporary workaround, consider restricting access to the `PenetrateRsaAndAesHandshake` function until a more permanent solution is implemented.

Name of the Vulnerable Software and Affected Versions: jasonclark getsemantic versions up to 040c96eb8cf9947488bd01b8de99b607b0519f7d Description: A vulnerability exists in jasonclark getsemantic. The issue is related to cross site scripting, triggered by manipulating the `view` argument in the `/index.php` file. The vulnerability resides in an unknown function. Remote exploitation is possible, and the exploit has been publicly disclosed. The vendor was contacted but did not respond. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.