Xxllyy

**Name of the Vulnerable Software and Affected Versions** Rongzhitong Visual Integrated Command and Dispatch Platform versions prior to 20260207 **Description** A flaw exists in Rongzhitong Visual Integrated Command and Dispatch Platform that allows for improper access controls. This issue can be triggered remotely through manipulation of an unknown function within the file `/dispatch/api?cmd=userinfo`. The exploit for this issue has been publicly disclosed. The vendor was informed of the issue but did not respond. **Recommendations** Update to a version later than 20260206.

**Name of the Vulnerable Software and Affected Versions** Rongzhitong Visual Integrated Command and Dispatch Platform versions prior to 20260207 **Description** A flaw exists in Rongzhitong Visual Integrated Command and Dispatch Platform that allows for improper access controls. The issue is related to an unknown function within the `/dm/dispatch/user/add` file of the User Handler component. The attack can be initiated remotely. The details of the exploit have been publicly released. The vendor was notified but did not respond. **Recommendations** Update to a version later than 20260206.

**Name of the Vulnerable Software and Affected Versions** Rongzhitong Visual Integrated Command and Dispatch Platform versions prior to 20260207 **Description** A security issue exists in Rongzhitong Visual Integrated Command and Dispatch Platform. Improper access controls can be triggered by manipulating the `ID` argument of a file, `/dm/dispatch/user/delete`, within the User Handler component. Remote exploitation is possible. The details of the affected function are unknown. The vulnerability has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Versions prior to 20260207 should be updated. As a temporary workaround, restrict access to the `/dm/dispatch/user/delete` file.

**Name of the Vulnerable Software and Affected Versions** qianfox FoxCMS versions up to 1.2.16 **Description** A cross-site scripting issue exists in the `add/edit` function of the `app/admin/controller/Product.php` file. Manipulation of the `Title` argument can trigger this issue. The attack can be initiated remotely. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** Versions prior to 1.2.16 should be updated. As a temporary workaround, consider restricting modification of the `Title` argument in the `add/edit` function of the `Product.php` file.