Hashshfza

**Name of the Vulnerable Software and Affected Versions** Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform version 1.02.040 **Description** A Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code via uploading a crafted HTML file to the "upfile.cgi" API endpoint. **Recommendations** For version 1.02.040, consider disabling the file upload functionality to the "upfile.cgi" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-7500G-CI version 19.05.29A **Description** A Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "interface /auth pic.cgi". The vulnerability is related to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For D-Link DI-7500G-CI version 19.05.29A, consider disabling access to the /auth pic.cgi interface until a patch is available to prevent exploitation. Avoid uploading HTML files to this interface until the issue is resolved.