Lzihan

**Name of the Vulnerable Software and Affected Versions** QianFox FoxCMS versions prior to 1.2.7 **Description** A cross site scripting issue exists in the Administrator Backend component. A remote attacker can execute a manipulation via an unknown function within the '/Tag/edit' file to launch an attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QianFox FoxCMS versions prior to 1.2.7 **Description** A flaw exists in the `Edit()` function within the Admin.php file that allows for weak password recovery. This issue can be exploited remotely by an attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.