Ali Hussein

**Name of the Vulnerable Software and Affected Versions** Pearson eSIS Enterprise Student Information System (affected versions not specified) **Description** The issue concerns a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML. The vulnerability is located in the aal/loginverification.aspx file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlogEngine.NET versions 2.8.0.0 and earlier **Description** The issue allows remote attackers to read usernames and password hashes by making a request for the "sioc.axd" file. **Recommendations** For BlogEngine.NET versions 2.8.0.0 and earlier, consider restricting access to the "sioc.axd" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** KnowledgeView Editorial and Management application (affected versions not specified) **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `username` parameter, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.