0X30Rizko

**Name of the Vulnerable Software and Affected Versions** WeCube Platform version 3.2.2 **Description** An issue was discovered where cleartext passwords are displayed in the configuration for terminal plugins. **Recommendations** For WeCube Platform version 3.2.2, consider restricting access to the configuration for terminal plugins to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WeCube Platform version 3.2.2 **Description** An issue was discovered in WeCube Platform, where multiple CSV injection issues exist. The affected pages include the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page. **Recommendations** For WeCube Platform version 3.2.2, consider restricting access to the affected pages, including the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page, until a patch is available. As a temporary workaround, avoid using CSV imports on these pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WeCube platform version 3.2.2 **Description** A DOM XSS issue has been found on the plugin database execution page. This allows for potential exploitation through malicious scripts executed on the client-side. **Recommendations** For WeCube platform version 3.2.2, consider disabling access to the plugin database execution page until a patch is available. Restrict the use of the plugin database execution functionality to minimize the risk of exploitation.