Lvzc4

**Name of the Vulnerable Software and Affected Versions** longpi1 warehouse version 1.0 **Description** A cross-site scripting issue has been found in the longpi1 warehouse software. The vulnerability affects an unknown functionality of the file /resources/..;/inport/updateInport of the Backend component. The manipulation of the `remark` argument leads to cross-site scripting. The attack can be launched remotely. A public exploit has been disclosed, increasing the risk of exploitation. **Recommendations** For longpi1 warehouse version 1.0, consider disabling the `remark` argument in the /resources/..;/inport/updateInport functionality of the Backend component as a temporary workaround until a patch is available. Restrict access to the vulnerable /resources/..;/inport/updateInport endpoint to minimize the risk of exploitation. Avoid using the `remark` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** StarSea99 starsea-mall version 1.0 **Description** A critical vulnerability affects the `UploadController` function of the file `src/main/java/com/siro/mall/controller/common/uploadController.java`. The manipulation of the `file` argument leads to unrestricted upload. The attack can be initiated remotely. A public exploit has been disclosed, making it possible for attackers to utilize it. **Recommendations** For StarSea99 starsea-mall version 1.0, as a temporary workaround, consider disabling the `UploadController` function until a patch is available. Restrict access to the `uploadController.java` file to minimize the risk of exploitation. Avoid using the `file` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** StarSea99 starsea-mall version 1.0 **Description** A cross-site scripting issue affects the processing of the file "/admin/categories/update", where the manipulation of the `categoryName` argument leads to cross-site scripting. The attack may be initiated remotely. A public exploit has been disclosed, indicating a significant security risk. **Recommendations** For StarSea99 starsea-mall version 1.0, as a temporary workaround, consider restricting access to the "/admin/categories/update" endpoint until a patch is available. Additionally, avoid using the `categoryName` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1902756969 reggie version 1.0 **Description** A critical vulnerability has been found in the download function of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the `name` argument leads to path traversal, allowing attackers to potentially access sensitive files or directories. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `download` function in the `CommonController.java` file until a patch is available. Avoid using the `name` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1902756969 reggie version 1.0 **Description** A critical vulnerability affects the upload function in the file src/main/java/com/itheima/reggie/controller/CommonController.java, allowing unrestricted file upload. The attack can be launched remotely by manipulating the `file` argument, enabling an attacker to upload arbitrary files. The exploit for this issue has been publicly disclosed. **Recommendations** For version 1.0, consider disabling the upload function in the CommonController.java file until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation. Avoid using the `file` argument in the affected upload endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1902756969 reggie version 1.0 **Description** A problem has been found in the Phone Number Validation Handler component, affecting some unknown functionality of the file /user/sendMsg. The manipulation of the `code` argument leads to information disclosure. The attack may be launched remotely. An exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `/user/sendMsg` file until a patch is available. Avoid manipulating the `code` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.