Xpp39

**Name of the Vulnerable Software and Affected Versions** Dataease version 2.10.20 **Description** A security flaw in the Data Dashboard component allows for remote SQL injection. This issue occurs within the `SqlparserUtils.transFilter()` function located in the `SqlparserUtils.java` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `SqlparserUtils.transFilter()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.2 **Description** A cross-site scripting issue exists in the SVG File Handler component within the file `jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java`. This flaw allows a remote attacker to execute malicious scripts via manipulation of an unknown function in the specified controller. **Recommendations** Update to a version later than 3.9.1. As a temporary workaround, restrict access to the SVG File Handler component in `CommonController.java` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot version 3.9.1 **Description** A flaw in the 'mLogin' endpoint within the `LoginController.java` file of the `jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/` component allows for remote authorization bypass. This issue is characterized by high complexity and difficult exploitability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dromara MaxKey versions prior to 3.5.14 **Description** A remote SQL injection flaw exists in the `StrUtils.checkSqlInjection()` function within the StrUtils.java file. This issue occurs when the `filtersfields` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `StrUtils.checkSqlInjection()` function to minimize the risk of exploitation.