Fupinglee

#16860 of 53,632
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2021-10158
6.1
2021-05-26
Typora · Typora · CVE-2020-18221
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 0.9.66

Description: The issue allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. This is a result of a Cross Site Scripting (XSS) flaw.

Recommendations: For versions prior to 0.9.66, update to version 0.9.66 or later to resolve the issue.
PT-2018-11471
9.8
2018-06-27
Publiccms · Publiccms · CVE-2018-12914
**Name of the Vulnerable Software and Affected Versions** PublicCMS version 4.0.20180210

**Description** A remote code execution issue was found, allowing an attacker to upload a ZIP archive containing a .jsp file with a directory traversal pathname. After the unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

**Recommendations** For PublicCMS version 4.0.20180210, consider restricting the upload of ZIP archives or limiting the execution of .jsp files to prevent arbitrary code execution until a patch is available. As a temporary workaround, restrict access to directories where .jsp files can be executed to minimize the risk of exploitation.