Youran

**Name of the Vulnerable Software and Affected Versions** xiweicheng TMS versions prior to 2.28.0 **Description** An issue exists in xiweicheng TMS that allows for unrestricted file uploads. This is due to the manipulation of the `filename` argument within the `Upload` function located in the file src/main/java/com/lhjz/portal/controller/FileController.java. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Update to a version later than 2.28.0. As a temporary workaround, restrict access to the `Upload` function in src/main/java/com/lhjz/portal/controller/FileController.java.

**Name of the Vulnerable Software and Affected Versions** xiweicheng TMS versions up to 2.28.0 **Description** A flaw exists in xiweicheng TMS that allows for server-side request forgery. The issue is related to the `Summary` function within the `src/main/java/com/lhjz/portal/util/HtmlUtil.java` file. Manipulation of the `url` argument can trigger the flaw, potentially allowing for remote attacks. The exploit for this issue has been published. **Recommendations** Versions prior to 2.28.0 should be used. As a temporary workaround, consider restricting or disabling the use of the `Summary` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** bestfeng oa git free versions up to 9.5 **Description** A flaw exists in bestfeng oa git free up to version 9.5. The issue is related to the manipulation of the `writeProp` argument within the `updateWriteBack` function located in the file yimioa-oa9.5serverc-flowsrcmainjavacomcloudweboacontrollerWorkflowPredefineController.java. This manipulation can lead to XML External Entity (XXE) reference. The attack can be carried out remotely, and an exploit has been publicly released. **Recommendations** Versions prior to 9.5 should be updated. As a temporary workaround, consider restricting access to the `updateWriteBack` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** pojoin h3blog version 1.0 **Description** A cross site scripting issue exists in pojoin h3blog 1.0. The issue is related to the manipulation of the `Title` argument within an unknown function of the file '/admin/cms/category/addtitle'. This can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.