Tazkimi

**Name of the Vulnerable Software and Affected Versions** zhimengzhe iBarn version 1.5 **Description** The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the `upload` function in `action/Core.class.php`. **Recommendations** For zhimengzhe iBarn version 1.5, consider disabling the `upload` function in `action/Core.class.php` to prevent exploitation until a fix is available. Restrict access to the "index.php" endpoint to minimize the risk of arbitrary code execution. Avoid using the avatar upload feature in zhimengzhe iBarn version 1.5 until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FeehiCMS version 2.0.8 **Description** A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the `lang` attribute of an HTML tag. This enables attackers to execute malicious scripts on the client-side, potentially leading to unauthorized actions or data theft. **Recommendations** For FeehiCMS version 2.0.8, consider disabling the use of the `lang` attribute in HTML tags until a patch is available to prevent exploitation of this issue. Restrict access to areas where this attribute is used to minimize the risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FeehiCMS version 2.0.8 **Description** The issue allows remote attackers to run arbitrary code via the `lang` attribute of an HTML tag. This is a Cross Site Scripting (XSS) issue, which enables attackers to execute scripts in the context of another user's session, potentially leading to unauthorized actions. **Recommendations** For FeehiCMS version 2.0.8, as a temporary workaround, consider restricting the use of the `lang` attribute in HTML tags to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.