Stellarsss

**Name of the Vulnerable Software and Affected Versions** zibbs version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary code via the route parameter to "index.php". This could potentially lead to unauthorized actions on the affected system. **Recommendations** For zibbs version 1.0, consider restricting access to the "index.php" endpoint until a patch is available, and avoid using the route parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xujinliang zibbs version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary code via the `bbsmeta` parameter in the application/controllers/AdminController.php file. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions. **Recommendations** For xujinliang zibbs version 1.0, consider restricting access to the `bbsmeta` parameter in the AdminController.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `bbsmeta` parameter until a patch is available.