Rediker · Adminplus · CVE-2023-24744
**Name of the Vulnerable Software and Affected Versions**
Rediker Software AdminPlus version 6.1.91.00
**Description**
A cross-site scripting (XSS) vulnerability allows remote attackers to run arbitrary code via the `onload` function within the application DOM. This enables attackers to execute malicious scripts on the client side.
**Recommendations**
For Rediker Software AdminPlus version 6.1.91.00, consider disabling the `onload` function within the application DOM as a temporary workaround until a patch is available. Restrict access to the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.