
Wdlegend

#16879 of 53,624
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2024-19579
9.8
2024-02-20
Timo · Timo · CVE-2024-22824
**Name of the Vulnerable Software and Affected Versions**
Timo version 2.0.3

**Description**
The issue allows a remote attacker to execute arbitrary code via the filetype restrictions in the `UploadController.java` component.

**Recommendations**
For Timo version 2.0.3, consider disabling the `UploadController.java` component until a patch is available. Restrict access to the UploadController to minimize the risk of exploitation. Avoid using the filetype restrictions in the affected component until the issue is resolved.

PT-2024-13949
6.1
2024-01-04
Unknown · Xiweicheng Tms · CVE-2023-50630
**Name of the Vulnerable Software and Affected Versions**
xiweicheng TMS version 2.28.0

**Description**
A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted script to the `click here` function. This enables the attacker to perform unauthorized actions on the affected system.

**Recommendations**
For xiweicheng TMS version 2.28.0, consider disabling the `click here` function until a patch is available to prevent exploitation of this issue.