Laoquanshi

**Name of the Vulnerable Software and Affected Versions** DTStack Taier version 1.3.0 **Description** The issue is related to insecure permissions in the "/Taier/API/tenant/listTenant" interface, allowing attackers to view sensitive information via the `getCookie` method. **Recommendations** For DTStack Taier version 1.3.0, consider restricting access to the "/Taier/API/tenant/listTenant" interface until a patch is available. As a temporary workaround, avoid using the `getCookie` method in this interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jbootfly (affected versions not specified) **Description** A Cross Site Scripting issue allows attackers to obtain sensitive information via the `username` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ehuacui BBS (affected versions not specified) **Description** A Cross Site Scripting issue allows attackers to cause a denial of service via a crafted payload in the `login` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenGoofy Hippo4j version 1.4.3 **Description** The issue allows an attacker to obtain sensitive information via the `ConfigVerifyController` function of the Tenant Management module. **Recommendations** For OpenGoofy Hippo4j version 1.4.3, consider restricting access to the `ConfigVerifyController` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenGoofy Hippo4j version 1.4.3 **Description** An issue in OpenGoofy Hippo4j allows attackers to escalate privileges via the `ThreadPoolController` of the tenant Management module. **Recommendations** For OpenGoofy Hippo4j version 1.4.3, consider restricting access to the `ThreadPoolController` in the tenant Management module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xuxueli xxl-job versions 2.2.0 through 2.3.1 **Description** A permissions issue allows an attacker to obtain sensitive information via the `pageList` parameter. **Recommendations** For versions 2.2.0 through 2.3.1, consider restricting access to the `pageList` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenGoofy Hippo4j version 1.4.3 **Description** The issue allows an attacker to escalate privileges via the `AddUser` method of the `UserController` function in the Tenant Management module. This is due to an Insecure Permissions vulnerability. **Recommendations** For OpenGoofy Hippo4j version 1.4.3, consider disabling the `AddUser` method of the `UserController` function in the Tenant Management module as a temporary workaround until a patch is available. Restrict access to the Tenant Management module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** isoftforce Dreamer CMS version 4.0.1 **Description** A permissions issue allows local attackers to obtain sensitive information via the `AttachmentController` parameter. This issue can be exploited to gain access to restricted data. **Recommendations** For isoftforce Dreamer CMS version 4.0.1, consider restricting access to the `AttachmentController` parameter until a patch is available. As a temporary workaround, review and limit local access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** feiqu-opensource (affected versions not specified) **Description** A background vertical authorization issue exists in IndexController.java, allowing demo users with low permission to perform operations within the permission of the admin super administrator. This can be used to change the blacklist IP address in the system at will. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.