Hsuan

**Name of the Vulnerable Software and Affected Versions** Tad Book3 (affected versions not specified) **Description** The editing book function in Tad Book3 does not filter special characters, allowing unauthenticated attackers to remotely inject JavaScript syntax and execute stored XSS attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tad Honor (affected versions not specified) **Description** The Tad Honor viewing book list function is vulnerable to authorization bypass. This allows remote attackers to use special parameters to delete articles arbitrarily without logging in. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TadTools (affected versions not specified) **Description** The issue concerns a special page parameter in TadTools that fails to properly restrict input of specific characters. This allows remote attackers to inject JavaScript syntax without logging in, potentially leading to reflective XSS attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TadTools (affected versions not specified) **Description** The issue concerns the file extension filtering in the TadTools file upload function. This filtering failure allows remote attackers to upload any type of file and execute arbitrary code without the need for login credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tad Uploader (affected versions not specified) **Description** The issue arises from the new add subject parameter of the Tad Uploader view book list function, which fails to filter special characters. This allows unauthenticated attackers to remotely inject JavaScript syntax and execute stored XSS attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tad Web (affected versions not specified) **Description** The issue allows remote attackers to bypass authorization, enabling them to exploit the system's original function for viewing bulletin boards and uploading files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tad Book3 (affected versions not specified) **Description** The issue is related to the lack of identity verification on the editing book page, allowing remote attackers to view and modify arbitrary book content without permission. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TadTools (affected versions not specified) **Description** The TadTools special page is vulnerable to authorization bypass, allowing remote attackers to delete arbitrary files in the system without logging in. They can use a specific parameter to achieve this. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tad Uploader (affected versions not specified) **Description** The Tad Uploader edit book list function is vulnerable to authorization bypass. This allows remote attackers to amend the folder names in the book list without logging in. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.