A weak password recovery vulnerability exists in QianFox FoxCMS versions up to 1.2.6, specifically within the Edit function of the Admin.php file. The vulnerability allows remote attackers to manipulate password recovery mechanisms, potentially enabling unauthorized account access. The CVSS 4.0 score of 2.0 (LOW severity) reflects the requirement for high privileges (PR:H) to exploit this weakness. The vu [truncated]
A stored cross-site scripting (XSS) vulnerability exists in QianFox FoxCMS versions up to and including 1.2.6. The affected endpoint is `/Tag/edit` within the Administrator Backend component. Successful exploitation requires high privileges (administrator access) and user interaction, limiting the attack surface to authenticated administrative sessions. The vulnerability has been publicly disclosed via a [truncated]