Artifex · Jbig2Dec · CVE-2017-7975
**Name of the Vulnerable Software and Affected Versions**
Artifex jbig2dec version 0.13
**Description**
The issue is caused by an integer overflow in the `jbig2_build_huffman_table` function in `jbig2_huffman.c` when processing a crafted JBIG2 file. This can lead to out-of-bounds writes, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.
**Recommendations**
For Artifex jbig2dec version 0.13, avoid processing potentially crafted JBIG2 files until a patch is available. As a temporary workaround, restrict the processing of JBIG2 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
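
One way to apply the workaround above is to gate files before they reach the decoder. The Python below is an added example, not code from Artifex or from this advisory; the function names and sample inputs are assumptions constructed for illustration. It flags standalone JBIG2 files by their header bytes and PDFs that name the `JBIG2Decode` filter, including the `#xx`-escaped spelling of that name.

```python
import re

# ID string that opens a standalone JBIG2 file.
JBIG2_MAGIC = bytes([0x97, 0x4A, 0x42, 0x32, 0x0D, 0x0A, 0x1A, 0x0A])
# A PDF name token: "/" followed by characters that are not whitespace or delimiters.
_PDF_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample inputs (not taken from any real file).
SAMPLE_JBIG2 = JBIG2_MAGIC + b"\x01\x00\x00\x00\x01"
SAMPLE_PDF_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Subtype /Image /Filter /JBIG2Decode >>\nendobj\n"
SAMPLE_PDF_ESCAPED = SAMPLE_PDF_PLAIN.replace(b"JBIG2Decode", b"JBIG2#44ecode")
SAMPLE_PDF_CLEAN = SAMPLE_PDF_PLAIN.replace(b"JBIG2Decode", b"FlateDecode")


def _decode_pdf_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /JBIG2#44ecode compares equal to /JBIG2Decode."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def classify(data: bytes) -> str:
    """Return 'jbig2-file', 'pdf-with-jbig2' or 'no-jbig2-seen' for one input."""
    if data.startswith(JBIG2_MAGIC):
        return "jbig2-file"
    # Many PDF readers accept the %PDF- marker anywhere in the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        for match in _PDF_NAME.finditer(data):
            if _decode_pdf_name(match.group(1)) == b"JBIG2Decode":
                return "pdf-with-jbig2"
    # A byte scan cannot see filter names stored inside compressed object
    # streams, so this result means "not seen", not "proven absent".
    return "no-jbig2-seen"


def should_block(data: bytes) -> bool:
    """Workaround policy: refuse anything that would reach the JBIG2 decoder."""
    return classify(data) != "no-jbig2-seen"


if __name__ == "__main__":
    for name in ("SAMPLE_JBIG2", "SAMPLE_PDF_PLAIN", "SAMPLE_PDF_ESCAPED", "SAMPLE_PDF_CLEAN"):
        print(name, classify(globals()[name]), should_block(globals()[name]))
```

Because filter names inside compressed object streams are invisible to this scan, pair it with disabling or sandboxing the JBIG2 decoding path where the consuming application allows it.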