Johnson

#18255 of 53,619
14.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2022-28055 · CVSS 6.1 · 2022-12-25
Unknown · Kkfileview · CVE-2022-4740

**Name of the Vulnerable Software and Affected Versions**
kkFileView (affected versions not specified)

**Description**
A cross-site scripting issue has been found in kkFileView, in the `setWatermarkAttribute` function of the file `/picturesPreview`. The attack can be launched remotely, and the exploit has been disclosed to the public.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-26693 · CVSS 8.8 · 2022-10-17
Unknown · Anji-Plus Aj-Report · CVE-2022-42983

**Name of the Vulnerable Software and Affected Versions**
anji-plus AJ-Report version 0.9.8.6

**Description**
The issue allows remote attackers to bypass login authentication by spoofing JWT Tokens. This can be exploited by attackers to gain unauthorized access to the system.

**Recommendations**
For anji-plus AJ-Report version 0.9.8.6, consider disabling the use of JWT Tokens for login authentication until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the `token` variable in authentication processes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.