Jayway007

**Name of the Vulnerable Software and Affected Versions** Halo versions prior to 1.3.3 **Description** A Server-Side Request Forgery (SSRF) issue exists in the SMTP configuration of the affected software, allowing detection of the server intranet. **Recommendations** For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** newbee-mall version 1.0 **Description** The issue allows for cross-site scripting. It can be triggered by writing an xss payload in the address information when buying goods, which is then executed when viewing the "View Recipient Information" of this order in "Order Management Office". The API endpoint involved is "shop-cart/settle". **Recommendations** For newbee-mall version 1.0, as a temporary workaround, consider restricting access to the "shop-cart/settle" endpoint until a patch is available. Additionally, avoid using potentially malicious input in the address information field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** newbee-mall all versions **Description** The issue concerns incorrect access control, allowing remote privilege escalation through the `AdminLoginInterceptor.java` file. Specifically, the authentication logic for the system's background `/admin` area, coded in `AdminLoginInterceptor`, can be bypassed. **Recommendations** For all versions, consider restricting access to the `AdminLoginInterceptor` function until a proper fix is implemented to prevent unauthorized access and privilege escalation. As a temporary workaround, review and reinforce the authentication logic to prevent bypassing, focusing on securing the background `/admin` area.

**Name of the Vulnerable Software and Affected Versions** newbee-mall versions all **Description** The issue allows for incorrect access control, enabling remote privilege escalation. This can be achieved through the NewBeeMallIndexConfigServiceImpl.java. An attacker can make unauthorized changes to any user information by utilizing the `userID`. **Recommendations** For all versions, consider restricting access to the NewBeeMallIndexConfigServiceImpl.java until a proper fix is applied. As a temporary workaround, avoid using the `userID` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Z-BlogPHP version 2.0.0 **Description** An issue allows remote attackers to inject arbitrary web script or HTML into background web site settings via the `copyright information office` field. This is a persistent XSS issue. The vendor indicates that the product was not intended to block this type of XSS by a user with admin privilege. **Recommendations** For Z-BlogPHP version 2.0.0, as a temporary workaround, consider restricting access to the `copyright information office` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Z-BlogPHP version 2.0.0 **Description** An issue was discovered where the `zb system/cmd.php` API endpoint, specifically the `act=verify` action, relies on MD5 for the `password` parameter. This could potentially make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. **Recommendations** For Z-BlogPHP version 2.0.0, consider using a stronger hashing algorithm for password verification as a mitigation measure. Avoid using the `password` parameter in the `zb system/cmd.php?act=verify` API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.