Threonic

Rank: #20339 of 53,633
Total CVSS: 12.6
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2023-19764 · CVSS 5.4 · 2023-04-05
Jfinalcms · Jfinalcms · CVE-2023-24747

**Name of the Vulnerable Software and Affected Versions**
Jfinal CMS version 5.1

**Description**
A cross-site scripting (XSS) issue was found in Jfinal CMS via the component "/system/dict/list". This component is an API endpoint that is susceptible to XSS attacks.

**Recommendations**
For Jfinal CMS version 5.1, consider disabling access to the "/system/dict/list" API endpoint until a patch is available. Restrict input to this endpoint to minimize the risk of exploitation.

PT-2022-27681 · CVSS 7.2 · 2022-12-05
Zimbra · Zimbra Collaboration · CVE-2022-45912

**Name of the Vulnerable Software and Affected Versions**
Zimbra Collaboration (ZCS) versions 8.8.15 through 9.0

**Description**
An issue was discovered in Zimbra Collaboration, allowing remote code execution through the ClientUploader utility by an authenticated admin user. The admin user can upload files and traverse to any other directory for remote code execution.

**Recommendations**
For versions 8.8.15 and 9.0, consider disabling the ClientUploader utility until a patch is available to prevent remote code execution. Restrict access to the ClientUploader utility to minimize the risk of exploitation. Avoid using the ClientUploader utility for file uploads until the issue is resolved.