Thxtech

**Name of the Vulnerable Software and Affected Versions** Docmost versions prior to 0.25.0 **Description** Docmost is collaborative wiki and documentation software. The public share page functionality does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows for Stored Cross-Site Scripting (XSS) attacks, enabling an attacker to execute arbitrary JavaScript in the context of any user who opens a shared page link. **Recommendations** Update to version 0.25.0 or later.

**Name of the Vulnerable Software and Affected Versions** Payload versions prior to 3.73.0 **Description** Payload is a free and open source headless content management system. Prior to version 3.73.0, user input was directly embedded into SQL queries without proper escaping when querying JSON or richText fields, leading to blind SQL injection attacks. An unauthenticated attacker could potentially extract sensitive data, such as emails and password reset tokens, and gain full account takeover without needing to crack passwords. This issue affects users utilizing Drizzle-based database adapters (`@payloadcms/drizzle` dependency) – `@payloadcms/db-postgres`, `@payloadcms/db-vercel-postgres`, `@payloadcms/db-sqlite`, and `@payloadcms/db-d1-sqlite` – and having accessible collections with `type: 'json'` or `type: 'richText'` fields where `access.read` is not set to `false`. The vulnerability does not affect users utilizing `@payloadcms/db-mongodb`. **Recommendations** Upgrade to Payload version 3.73.0 or later. If an immediate upgrade is not possible, add `access: { read: () => false }` to all JSON and richText fields as a temporary mitigation.

**Name of the Vulnerable Software and Affected Versions** Wagtail versions prior to 6.3.6 Wagtail versions prior to 7.0.4 Wagtail versions prior to 7.1.3 Wagtail versions prior to 7.2.2 Wagtail versions prior to 7.3 **Description** Wagtail, an open source content management system built on Django, contains an issue due to a missing permission check on the preview endpoints. A user with access to the Wagtail admin and knowledge of a model's fields can construct a form submission to obtain a preview rendering of any page, snippet, or site setting object for which previews are enabled, using data of their choosing. The existing data of the object itself is not exposed, but the rendering process may reveal other database contents accessible only to users with edit access over the model. The issue is not exploitable by ordinary site visitors without Wagtail admin access. **Recommendations** Update to Wagtail version 6.3.6 or later. Update to Wagtail version 7.0.4 or later. Update to Wagtail version 7.1.3 or later. Update to Wagtail version 7.2.2 or later. Update to Wagtail version 7.3 or later.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.5.5 **Description** SiYuan is a personal knowledge management system. The `/api/file/copyFile` endpoint does not validate the `dest` parameter. This allows authenticated users to write files to arbitrary locations on the filesystem, potentially leading to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized keys, or shell configuration files. **Recommendations** Update to version 3.5.5 or later.

**Name of the Vulnerable Software and Affected Versions** Tugtainer versions prior to 1.16.1 **Description** Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query parameters rather than utilizing the HTTP request body. This practice results in passwords being recorded in server access logs and potentially exposed via browser history, Referer headers, and proxy logs. **Recommendations** Update Tugtainer to version 1.16.1 or later.

**Name of the Vulnerable Software and Affected Versions** LaSuite Doc versions 3.8.0 through 4.3.0 **Description** LaSuite Doc is a collaborative note taking, wiki and documentation platform. A Stored Cross-Site Scripting (XSS) issue exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. **Recommendations** Update LaSuite Doc to version 4.4.0.