Din4

**Name of the Vulnerable Software and Affected Versions** perfree go-fastdfs-web versions prior to 1.3.8 **Description** A flaw in the Installation Endpoint allows for remote server-side request forgery (SSRF), which occurs when an attacker can induce the server-side application to make requests to an unintended location. This issue is located in the `checkServer()` function within the '/install/checkServer' endpoint. **Recommendations** Update to a version later than 1.3.7. As a temporary workaround, restrict access to the '/install/checkServer' endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions Dataease SQLbot versions up to 1.6.0 Description A server-side request forgery exists in the Elasticsearch Handler component, specifically within the `get es data by http` function of the `backend/apps/db/es engine.py` file. Manipulation of the `address` argument can trigger this issue, allowing for remote exploitation. The exploit has been publicly disclosed. Recommendations Upgrade to version 1.7.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** trueleaf ApiFlow version 0.9.7 **Description** A server-side request forgery condition exists in the URL Validation Handler component of trueleaf ApiFlow. The issue is located in the `validateUrlSecurity` function within the `http proxy.service.ts` file. This manipulation can lead to server-side request forgery. Remote exploitation is possible, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** perfree go-fastdfs-web versions through 1.3.7 **Description** A security issue has been identified in the `rememberMeManager` function within the Apache Shiro RememberMe component of perfree go-fastdfs-web. This function, located in the file `src/main/java/com/perfree/config/ShiroConfig.java`, utilizes a hard-coded cryptographic key. This allows for remote attacks, though the complexity is considered high and exploitability is reported as difficult. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions through 1.3.7 should be updated to a newer, secure version as soon as it becomes available. As a temporary workaround, consider disabling the RememberMe functionality within the Apache Shiro configuration until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenAkita versions up to 1.24.3 **Description** A weakness exists in OpenAkita impacting the `run` function within the `src/openakita/tools/shell.py` file of the Chat API Endpoint component. Manipulation of the `Message` argument can lead to operating system command injection. The attack is limited to local execution. The exploit is publicly available. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions prior to 1.24.3 should be updated. Consider temporarily disabling the Chat API Endpoint component until a fix is available. Restrict or sanitize the `Message` argument passed to the `run` function to prevent command injection.

**Name of the Vulnerable Software and Affected Versions** 1024-lab/lab1024 SmartAdmin versions prior to 3.30 **Description** A security flaw exists in the Notice Module of 1024-lab/lab1024 SmartAdmin. The issue involves a cross-site scripting condition within the file `smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue` and an unknown function. This allows for remote attacks. The exploit has been publicly released. **Recommendations** Update 1024-lab/lab1024 SmartAdmin to version 3.30 or later. As a temporary workaround, consider restricting access to the Notice Module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 1024-lab/lab1024 SmartAdmin versions prior to 3.29 **Description** A cross site scripting issue exists in the Help Documentation Module of 1024-lab/lab1024 SmartAdmin. The issue is related to an unknown function within the file `sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java`. This manipulation can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** Update 1024-lab/lab1024 SmartAdmin to a version later than 3.29.

**Name of the Vulnerable Software and Affected Versions** 1024-lab/lab1024 SmartAdmin versions up to 3.29 **Description** A flaw exists in the `freemarkerResolverContent` function within the FreeMarker Template Handler component, specifically in the file `sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java`. Manipulation of the `template content` argument can lead to improper neutralization of special elements used in a template engine, allowing for remote exploitation. The exploit has been published. **Recommendations** Versions prior to 3.29 should be updated. As a temporary workaround, consider restricting the use of the `freemarkerResolverContent` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ContiNew Admin versions through 4.2.0 **Description** A security issue exists in ContiNew Admin related to the Storage Management Module. The `URI.create` function within the file `continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java` is susceptible to server-side request forgery. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Versions prior to 4.2.0 are affected. As a temporary workaround, consider disabling the Storage Management Module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 07FLYCMS versions up to 1.2.9 07FLY-CMS versions up to 1.2.9 07FlyCRM versions up to 1.2.9 **Description** A security flaw exists in 07FLYCMS, 07FLY-CMS, and 07FlyCRM. The issue is related to cross site scripting, triggered by manipulating the `Title` argument within an unknown function of the `/admin/SysModule/edit.html` file in the System Extension Module. The attack can be initiated remotely, and the exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** Versions prior to 1.2.9 should be updated. As a temporary workaround, consider restricting access to the `/admin/SysModule/edit.html` file. Avoid using the `Title` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** a466350665 Smart-SSO versions up to 2.1.1 **Description** A flaw exists in a466350665 Smart-SSO, potentially allowing for cross site scripting. The issue is related to the manipulation of the `redirectUri` argument within the file smart-sso-server/src/main/resources/templates/login.html of the Login component. This manipulation can be performed remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 2.1.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** a466350665 Smart-SSO versions up to 2.1.1 **Description** A flaw exists in a466350665 Smart-SSO that may allow for cross site scripting. This issue is related to the `Save` function within the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java, specifically in the 'Role Edit Page' component. The attack can be carried out remotely. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.1.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** erzhongxmu JEEWMS version 3.7 **Description** A server-side request forgery issue exists due to the manipulation of the `upfile` argument in the /plug-in/ueditor/jsp/getRemoteImage.jsp file. This can be exploited remotely. The exploit has been publicly disclosed. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** erzhongxmu JEEWMS versions up to 3.7 **Description** A flaw exists in erzhongxmu JEEWMS, specifically within the UEditor component, affecting the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp. The `myEditor` argument can be manipulated to trigger cross site scripting. This attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.8 should be updated.

**Name of the Vulnerable Software and Affected Versions** erzhongxmu JEEWMS versions up to 3.7 **Description** A flaw exists in erzhongxmu JEEWMS that allows for cross site scripting. The issue is located in the `doAdd` function within the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. Manipulation of the `Name` argument can trigger this flaw. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.8 should be updated. As a temporary workaround, consider restricting or disabling the `doAdd` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rachelos WeRSS we-mp-rss versions up to 1.4.8 **Description** A flaw exists in the fix html function within the tools/fix.py file of the Article Module component. This issue allows for cross site scripting, and can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Update rachelos WeRSS we-mp-rss to a version later than 1.4.8.

**Name of the Vulnerable Software and Affected Versions** rachelos WeRSS versions up to 1.4.8 **Description** A flaw exists in the `download export file` function within the `apis/tools.py` file. Manipulating the `filename` argument can lead to path traversal, allowing for remote exploitation. The exploit has been published. **Recommendations** Versions prior to 1.4.8 should be updated. As a temporary workaround, restrict access to the `download export file` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rachelos WeRSS we-mp-rss versions up to 1.4.8 **Description** A flaw exists in the JWT Handler component within the core/auth.py file of rachelos WeRSS we-mp-rss. Manipulation of the `SECRET KEY` argument leads to the use of a default cryptographic key. This issue is remotely exploitable and is considered difficult to exploit, but the exploit is publicly available. **Recommendations** Versions prior to 1.4.8 should be updated.

**Name of the Vulnerable Software and Affected Versions** xerrors Yuxi-Know versions up to 0.4.0 **Description** A server-side request forgery condition exists in the `OtherEmbedding.aencode` function within the `/src/models/embed.py` file. Manipulation of the `health url` argument can trigger this issue, allowing for remote exploitation. The vendor has confirmed the vulnerability and implemented security measures including disabling URL parsing, URL upload mode, and URL-to-markdown conversion. The exploit is publicly available. **Recommendations** Deploy the patch 0ff771dc1933d5a6b78f804115e78a7d8625c3f3.

**Name of the Vulnerable Software and Affected Versions** rachelos WeRSS we-mp-rss versions up to 1.4.7 **Description** A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The `do job` function within the `/rachelos/we-mp-rss/blob/main/jobs/mps.py` file is susceptible to server-side request forgery (SSRF). Manipulation of the `web hook url` argument can trigger this issue, allowing for remote exploitation. The exploit is publicly available. **Recommendations** Versions prior to 1.4.7 should be updated. As a temporary workaround, consider restricting or disabling the use of the `web hook url` argument in the `do job` function until a patch is available.