Yuta Morioka

**Name of the Vulnerable Software and Affected Versions** a-blog cms versions prior to 3.1.7 a-blog cms versions prior to 3.0.29 a-blog cms versions prior to 2.11.58 a-blog cms versions prior to 2.10.50 a-blog cms version 2.9.0 and earlier **Description** A cross-site scripting vulnerability exists in a-blog cms. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later. For versions prior to 3.0.29, update to version 3.0.29 or later. For versions prior to 2.11.58, update to version 2.11.58 or later. For versions prior to 2.10.50, update to version 2.10.50 or later. For version 2.9.0 and earlier, update to a later version.

**Name of the Vulnerable Software and Affected Versions** a-blog cms versions prior to 3.1.7 a-blog cms versions prior to 3.0.29 a-blog cms versions prior to 2.11.58 a-blog cms versions prior to 2.10.50 a-blog cms version 2.9.0 and earlier **Description** The issue is related to improper input validation, allowing a remote authenticated attacker to execute arbitrary JavaScript code. This can be achieved by uploading a specially crafted SVG file. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later. For versions prior to 3.0.29, update to version 3.0.29 or later. For versions prior to 2.11.58, update to version 2.11.58 or later. For versions prior to 2.10.50, update to version 2.10.50 or later. For version 2.9.0 and earlier, update to a version later than 2.9.0.

**Name of the Vulnerable Software and Affected Versions** Strapi versions 3.x.x and earlier **Description** The issue is related to a stored cross-site scripting vulnerability in the file upload function. This vulnerability allows an arbitrary script to be executed on the web browser of the user who is logging in to the product with administrative privilege. **Recommendations** For Strapi versions 3.x.x and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.