Wang1R

#19438 of 53,625
13.6 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2026-35206
7.5
2026-04-26
Typecho · Typecho · CVE-2026-7025
**Name of the Vulnerable Software and Affected Versions**
Typecho versions prior to 1.3.1

**Description**
An issue exists in the Ping Back Service Endpoint within the `Service::sendPingHandle()` function of the `var/Widget/Service.php` file. Remote attackers can trigger server-side request forgery (SSRF)—a flaw where the server is coerced into making unintended requests—by manipulating the `X-Pingback/link` argument.

**Recommendations**
Update to a version later than 1.3.0. As a temporary workaround, restrict access to the Ping Back Service Endpoint or the `Service::sendPingHandle()` function to minimize the risk of exploitation.

PT-2026-27434
6.1
2026-03-24
Icms · Icms · CVE-2026-30661
**Name of the Vulnerable Software and Affected Versions**
iCMS version 8.0.0

**Description**
The iCMS software contains a Cross-Site Scripting (XSS) issue in the User Management component. The issue is located within the `index.html` file and allows remote attackers to execute arbitrary web script or HTML. The attack vector involves the `regip` or `loginip` parameters.

**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `regip` and `loginip` parameters before processing them.