Christian Pöschl

**Nome do software vulnerável e versões afetadas** Versões anteriores à 2023.11.8 **Descrição** A vulnerabilidade permite que invasores remotos anônimos obtenham informações confidenciais de autenticação por meio do arquivo `setup.php`, devido à função `getRegistryData` no arquivo `Setup/Frontend/Json.php`, quando um backend LDAP é utilizado. **Recomendações** Para versões anteriores a 2023.11.8, atualize para uma versão que inclua a correção para este problema. Como solução temporária, considere restringir o acesso ao endpoint `setup.php` até que um patch esteja disponível. Além disso, certifique-se de que a função `getRegistryData` em `Setup/Frontend/Json.php` esteja devidamente protegida para evitar a divulgação de informações.

**Name of the Vulnerable Software and Affected Versions** Documize version 5.4.2 **Description** The issue allows remote attackers to execute arbitrary code via the `user` parameter of the "/api/dashboard/activity" endpoint. This enables attackers to potentially gain unauthorized access and control over the system. Approximately 790 devices are potentially affected, mainly located in the United States, Ireland, and other countries. **Recommendations** For Documize version 5.4.2, consider disabling access to the "/api/dashboard/activity" endpoint until a patch is available. Additionally, restrict the use of the `user` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FileRun version 20220519 **Description** The issue allows SQL Injection via the `dir` parameter in a "/?module=users&section=cpanel&page=list" API endpoint. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For FileRun version 20220519, as a temporary workaround, consider restricting access to the "/?module=users&section=cpanel&page=list" API endpoint until a patch is available. Avoid using the `dir` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Filerun Update 20220202 **Description** A Stored XSS issue in shared files download terms allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. **Recommendations** For Filerun Update 20220202, consider disabling the shared files download feature until a patch is available to prevent exploitation of the Stored XSS issue. Restrict access to shared links to minimize the risk of malicious JavaScript code execution. Avoid using crafted share links in the affected Filerun version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Filerun versions through Update 20220202 **Description** A Broken Access Control issue in comments to uploaded files allows attackers to delete comments on files uploaded by other users. **Recommendations** For versions through Update 20220202, update to a version later than Update 20220202 to resolve the issue. As a temporary workaround, consider restricting access to the comment deletion functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SoftwareX versions prior to 2023.01.14.325 **Description** The issue allows SQL Injection through the `sort` parameter of the "/index.php" endpoint. **Recommendations** For versions prior to 2023.01.14.325, consider disabling the `sort` parameter in the "/index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Contao versions 4.0.0 through 4.9.41 Contao versions 4.13.0 through 4.13.27 Contao versions 5.0.0 through 5.1.9 **Description** Contao is an open source content management system. It is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview and on the website. Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. **Recommendations** For Contao versions 4.0.0 through 4.9.41, update to Contao 4.9.42. For Contao versions 4.13.0 through 4.13.27, update to Contao 4.13.28. For Contao versions 5.0.0 through 5.1.9, update to Contao 5.1.10. As a temporary workaround, consider disabling the login for all untrusted back end users.

**Name of the Vulnerable Software and Affected Versions** Windows Admin Center (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Algoo Tracim versions prior to 4.4.2 **Description** The issue allows for XSS via HTML file upload. **Recommendations** For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jellyfin versions 10.8.x through 10.8.3 **Description** The name of a playlist in Jellyfin is vulnerable to stored XSS, allowing an attacker to steal access tokens from the localStorage of the victim. **Recommendations** For Jellyfin versions 10.8.x through 10.8.3, consider restricting the ability to create or edit playlist names until a patch is available to prevent stored XSS attacks. As a temporary workaround, users should be cautious when accessing playlists from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jellyfin versions 10.8.x through 10.8.3 **Description** The issue concerns stored XSS in the name of a collection. This allows an attacker to steal access tokens from the localStorage of the victim. **Recommendations** For Jellyfin versions 10.8.x through 10.8.3, consider restricting the ability to edit collection names to prevent potential exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do Gitea anteriores à 1.16.9 **Descrição** O problema está relacionado a controles de acesso inadequados no Gitea, permitindo que um invasor atribua qualquer issue a qualquer projeto. Isso faz com que o invasor obtenha acesso a títulos de issues privados devido à falta de verificações de permissão para a recuperação de issues. **Recomendações** Para versões anteriores à 1.16.9, atualize para a versão 1.16.9 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à atribuição de issues do projeto até que a atualização seja aplicada.