Somurim

**Name of the Vulnerable Software and Affected Versions** Qiwen Netdisk versions up to 1.4.0 **Description** A vulnerability was found in the File Rename Handler component, which can be exploited to lead to cross-site scripting. The issue can be triggered by manipulating the input with a malicious string, such as `<img src="" onerror="alert(document.cookie)">`. This allows for remote attacks. **Recommendations** For Qiwen Netdisk versions up to 1.4.0, update to a version later than 1.4.0 to resolve the issue. As a temporary workaround, consider restricting the use of the File Rename Handler component to minimize the risk of exploitation. Avoid using potentially malicious input in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LinZhaoguan pb-cms version 2.0 **Description** A vulnerability was found in the Message Board component, specifically affecting some unknown functionality of the file /blog/comment. This issue leads to cross site scripting and can be exploited remotely. **Recommendations** For LinZhaoguan pb-cms version 2.0, consider restricting access to the /blog/comment file of the Message Board component to minimize the risk of exploitation. As a temporary workaround, avoid using the affected functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.