Y0Ng

**Name of the Vulnerable Software and Affected Versions** jizhicms version 2.5.4 **Description** A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via a crafted article publication request. **Recommendations** For jizhicms version 2.5.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jizhicms version 2.4.6 **Description** The issue allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package, as the content of the article published in the front end is only filtered in the front end, without being filtered in the background. **Recommendations** For jizhicms version 2.4.6, consider implementing backend filtering for article content to prevent Cross Site Scripting (XSS) attacks. As a temporary workaround, restrict the ability to publish articles containing JavaScript scripts until a patch is available.