Theflink

#20734 of 53,632
12.2 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2019-11436
6.1
2019-07-15
Dolibarr · Dolibarr · CVE-2019-1010016
**Name of the Vulnerable Software and Affected Versions**
Dolibarr version 6.0.4

**Description**
The issue affects the `htdocs/product/stats/card.php` component and allows for Cross Site Scripting (XSS), which can lead to cookie stealing. The attack vector involves a victim clicking a specially crafted link sent by the attacker.

**Recommendations**
For Dolibarr version 6.0.4, consider restricting access to the `htdocs/product/stats/card.php` component until a fix is available. As a temporary workaround, avoid clicking on links from untrusted sources to minimize the risk of exploitation.

PT-2018-9439
6.1
2018-06-26
Akiee · Akiee · CVE-2018-1000543
**Name of the Vulnerable Software and Affected Versions**
Akiee version 0.0.3

**Description**
The issue is an XSS vulnerability that can lead to code execution. It is caused by the lack of validation in the "Details" of a task, which can result in XSS and subsequently allow arbitrary code execution. The attack is exploitable if the attacker can trick the victim into opening a crafted markdown.

**Recommendations**
For Akiee version 0.0.3, as a temporary workaround, consider validating user input in the "Details" of a task to prevent XSS attacks until a patch is available. Restrict the use of markdown integration to minimize the risk of exploitation.