Edmpl

**Name of the Vulnerable Software and Affected Versions** Lumos versions prior to 1.0.17 **Description** The issue arises from the `ChatBar.tsx` component in Lumos, which parses raw HTML in Markdown. This occurs because the `markdown-to-jsx` package is used without setting `disableParsingRawHTML` to true. **Recommendations** For versions prior to 1.0.17, update to version 1.0.17 or later to resolve the issue. As a temporary workaround, consider setting `disableParsingRawHTML` to true in the `markdown-to-jsx` package to prevent raw HTML parsing.

**Name of the Vulnerable Software and Affected Versions** ResidenceCMS version 2.10.1 **Description** A stored cross-site scripting (XSS) issue exists, allowing a low-privilege user to create malicious property content with HTML inside, which acts as a stored XSS payload. **Recommendations** For ResidenceCMS version 2.10.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.