Zkai1127

#20752 of 53,630
12.2 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-10391
6.1
2021-08-26
Dzzoffice · Dzzoffice · CVE-2020-19703
Name of the Vulnerable Software and Affected Versions: Dzzoffice version 2.02
Description: A cross-site scripting (XSS) issue exists in the `referer` parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload.
Recommendations: For Dzzoffice version 2.02, consider restricting access to the `referer` parameter to minimize the risk of exploitation. Avoid using the `referer` parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-10394
6.1
2021-08-26
Feehicms · Feehicms · CVE-2020-19709
Name of the Vulnerable Software and Affected Versions: feehicms version 0.1.3
Description: The issue is related to insufficient filtering of the `tag` parameters, allowing attackers to execute arbitrary web or HTML content via a crafted payload.
Recommendations: For feehicms version 0.1.3, consider restricting the use of the `tag` parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.