Jizhicms · Jizhicms · CVE-2020-23643
**Name of the Vulnerable Software and Affected Versions**
JIZHICMS version 1.7.1
**Description**
An attacker can inject malicious code through the `signature` and `echostr` parameters of the "index.php/Wechat/checkWeixin" API endpoint, potentially leading to code execution in the victim's browser.
**Recommendations**
For JIZHICMS version 1.7.1, as a temporary workaround, consider restricting access to the "index.php/Wechat/checkWeixin" API endpoint until a patch is available. Avoid using the `echostr` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
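A log check to accompany the workaround, added here as an example and not part of the original advisory or of JIZHICMS: it scans web server access logs for requests to the affected endpoint whose `signature` or `echostr` value is anything other than a plain token. The log format, the token allowlist, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/index.php/wechat/checkweixin"  # path from the advisory, lower-cased for matching
WATCHED = ("signature", "echostr")          # parameters named in the advisory
# Assumption: legitimate values are plain tokens; anything else deserves review.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]*")
# Assumption: common/combined access-log format with the request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return {param: decoded value} for watched parameters that are not plain tokens."""
    m = REQUEST.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group(1))
    if not url.path.lower().rstrip("/").endswith(ENDPOINT):
        return {}
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes the values
    hits = {}
    for name in WATCHED:
        for value in query.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                hits[name] = value
    return hits

def scan(lines):
    """Yield (line_number, hits) for every log line carrying a suspicious value."""
    for n, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            yield n, hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /index.php/Wechat/checkWeixin'
    '?signature=0a1b2c&timestamp=1&nonce=2&echostr=12345 HTTP/1.1" 200 5',
    '203.0.113.9 - - [01/Jan/2021:10:01:00 +0000] "GET /index.php/Wechat/checkWeixin'
    '?signature=1&echostr=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 27',
    '203.0.113.9 - - [01/Jan/2021:10:02:00 +0000] "GET /index.php/Home/index'
    '?echostr=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.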