Unknown · Pojoin H3Blog · CVE-2025-10485
**Name of the Vulnerable Software and Affected Versions**
pojoin h3blog versions prior to 5bf704425ebc11f4c24da51f32f36bb17ae20489
**Description**
pojoin h3blog contains a cross-site scripting vulnerability. Manipulating the `X-Forwarded-For` argument handled by the `ppt log` function in the `/login` file of the HTTP Header Handler component triggers the issue. The attack can be performed remotely, and the exploit has been publicly disclosed.
**Recommendations**
Update to a version prior to 5bf704425ebc11f4c24da51f32f36bb17ae20489.
As a temporary workaround, consider restricting or disabling the use of the `X-Forwarded-For` header.
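One way to apply the workaround at the application layer, as an added example that is not h3blog's own code: honour `X-Forwarded-For` only when the request comes from a known reverse proxy, accept it only if it parses as an IP address, and escape the value when the login log is rendered. The names `TRUSTED_PROXIES`, `client_ip` and `render_log_row`, and the proxy address, are assumptions made for illustration.

```python
import html
import ipaddress

# Assumption: addresses of the reverse proxies allowed to set X-Forwarded-For.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip(remote_addr, xff_header):
    """Return a validated client IP string that is safe to store in a log.

    The header is honoured only when the direct peer is a trusted proxy,
    and only if every inspected entry parses as an IP address.
    """
    peer = ipaddress.ip_address(remote_addr)
    if xff_header is None or peer not in TRUSTED_PROXIES:
        return str(peer)  # header ignored: the sender is not our proxy
    # Walk right to left: the rightmost entry that is not one of our own
    # proxies is the client address as our proxy chain saw it.
    for part in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(part.strip())
        except ValueError:
            return str(peer)  # malformed entry: discard the whole header
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)


def render_log_row(username, ip):
    """Escape on output as a second layer, whatever value was stored."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(username), html.escape(ip)
    )
```

Validation at input keeps markup out of the stored log entry, and escaping at output covers entries written before the check was in place.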