
Luelistao

#18941 of 53,640
14.2 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-9570
8.8
2018-12-20
Freshdns · Freshdns · CVE-2018-1000846
**Name of the Vulnerable Software and Affected Versions**

FreshDNS versions 1.0.3 and earlier

**Description**

The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability that affects all authenticated API calls in index.php and class.manager.php. This can lead to the editing of domains and zones with the victim's privileges. The attack is exploitable if the victim opens a website containing the attacker's JavaScript.

**Recommendations**

For FreshDNS versions 1.0.3 and earlier, update to version 1.0.5 or later to resolve the issue.

PT-2018-9571
5.4
2018-12-20
Freshdns · Freshdns · CVE-2018-1000847
**Name of the Vulnerable Software and Affected Versions**

FreshDNS versions 1.0.3 and prior

**Description**

The issue allows for the execution of an attacker's JavaScript code in a victim's session due to a Cross Site Scripting (XSS) vulnerability in the Account data form and Zone editor. This can be exploited when an attacker stores a specially crafted string as their Full Name in their account details, and the victim, such as the administrator, opens the User List in the admin interface.

**Recommendations**

For FreshDNS versions 1.0.3 and prior, update to version 1.0.5 or later to resolve the issue.