Kaikaix

**Name of the Vulnerable Software and Affected Versions** WhiteHSBG JNDIExploit version 1.4 **Description** A vulnerability was found in the function `handleFileRequest` of the file `src/main/java/com/feihong/ldap/HTTPServer.java`. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. This issue is related to insufficient restrictions on directory path names in the Java Naming and Directory Interface (JNDI) `JNDIExploit` tool. **Recommendations** As a temporary workaround, consider disabling the `handleFileRequest` function until a patch is available. Restrict access to the `HTTPServer.java` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Taxonomy Import WordPress plugin versions 1.0.0 through 1.0.4 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. **Recommendations** For WP Taxonomy Import WordPress plugin versions 1.0.0 through 1.0.4, update to a version that addresses this issue, as the current version does not properly sanitise and escape parameters, leading to potential Cross-Site Scripting attacks.