Yyhylho

**Name of the Vulnerable Software and Affected Versions** 4thline cling versions 2.0.0 through 2.1.2 **Description** The issue in the UPnP protocol allows remote attackers to cause a denial of service via an unchecked `CALLBACK` parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers. **Recommendations** For versions 2.0.0 through 2.1.2, consider disabling the UPnP protocol to minimize the risk of exploitation until a patch is available, however, since 4thline cling is no longer supported, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Editor.md versions 1.5.0 and earlier Editor.md (all versions) **Description** The issue involves a DOM-based XSS that can be triggered through specific vectors, including the '<EMBED SRC="data:image/svg+xml' substring. It is also reported that user input is not sufficiently sanitized, allowing attackers to inject malicious code, particularly in payloads containing base64-encoded content. **Recommendations** For Editor.md version 1.5.0, consider disabling the embedding of SVG images until a fix is available. For all versions of Editor.md, consider using an alternative module until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jimmykuu Gopher version 2.0 **Description** The issue involves a DOM-based XSS that can be exploited through specific vectors, including the '<EMBED SRC="data:image/svg+xml' substring. This allows for potential malicious script execution. **Recommendations** For jimmykuu Gopher version 2.0, consider disabling the use of the `<EMBED>` tag with `SRC` attributes containing `data:image/svg+xml` substrings until a patch is available. Restrict access to potentially vulnerable modules or functions to minimize the risk of exploitation.