Ghufran Khan

Name of the Vulnerable Software and Affected Versions hcengineering Huly Platform versão 0.7.382 Description Uma condição de falsificação de solicitação do lado do servidor existe no hcengineering Huly Platform versão 0.7.382. A questão está localizada em uma parte desconhecida do arquivo server/front/src/index.ts dentro do componente Import Endpoint. Esta manipulação pode ser explorada remotamente. Recommendations Atualmente, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions hcengineering Huly Platform versão 0.7.382 Description Uma vulnerabilidade existe no hcengineering Huly Platform versão 0.7.382 relacionada ao componente JWT Token Handler, especificamente dentro do arquivo `foundations/core/packages/token/src/token.ts`. A questão envolve a manipulação do argumento `SERVER SECRET` com uma entrada específica `secret`, levando ao uso de uma chave criptográfica codificada. Essa manipulação pode ser iniciada remotamente e é considerada de alta complexidade, mas a exploração é difícil. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade. Como medida temporária, considere restringir o uso do componente JWT Token Handler ou do arquivo `token.ts` até que uma correção esteja disponível.

Name of the Vulnerable Software and Affected Versions Casdoor versão 2.356.0 Description Uma falha existe no componente OAuth Authorization Request Handler que permite ataques de redirecionamento aberto. A manipulação do argumento `redirect uri` pode ser explorada remotamente. O exploit está publicamente disponível. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade.

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Name of the Vulnerable Software and Affected Versions Casdoor versão 2.356.0 Description Uma fraqueza foi identificada no componente Webhook URL Handler que pode permitir a falsificação de solicitação do lado do servidor (SSRF). Isso pode ser acionado remotamente manipulando o sistema. O fornecedor foi contatado, mas não respondeu. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions Casdoor versão 2.356.0 Description Uma falha de segurança existe na função `dangerouslySetInnerHTML` do Casdoor 2.356.0. A manipulação do argumento `formCss`/`formCssMobile`/`formSideHtml` pode levar a cross-site scripting (XSS). Este ataque pode ser iniciado remotamente. O exploit foi divulgado publicamente. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade.

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** mickasmt next-saas-stripe-starter version 1.0.0 **Description** A security issue exists in mickasmt next-saas-stripe-starter 1.0.0. The `generateUserStripe` function within the `actions/generate-user-stripe.ts` file of the Checkout Handler component is susceptible to business logic errors due to manipulation of the `priceId` argument. This issue can be initiated remotely. **Recommendations** As a temporary workaround, consider restricting the use of the `generateUserStripe` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mickasmt next-saas-stripe-starter version 1.0.0 **Description** A flaw exists in the `openCustomerPortal` function within the `actions/open-customer-portal.ts` file of the Stripe API component. This manipulation can lead to an authorization bypass. Remote exploitation is possible, but the complexity is high and exploitation is difficult. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mickasmt next-saas-stripe-starter version 1.0.0 **Description** An authorization issue exists due to improper authorization when manipulating the `userId`/`role` argument within the `updateUserrole` function in the file actions/update-user-role.ts. This allows for remote exploitation. The function `updateUserrole` is affected. **Recommendations** Address the improper authorization in the `updateUserrole` function of the actions/update-user-role.ts file.

**Name of the Vulnerable Software and Affected Versions** go2ismail Asp.Net-Core-Inventory-Order-Management-System versions prior to 9.20250118 **Description** A flaw exists in go2ismail Asp.Net-Core-Inventory-Order-Management-System. The issue resides in an unknown function within the Administrative Interface component. Successful exploitation allows for execution after redirection and can be initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Update go2ismail Asp.Net-Core-Inventory-Order-Management-System to a version later than 9.20250118.

Name of the Vulnerable Software and Affected Versions go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Description A flaw exists in go2ismail Free-CRM. This issue impacts an unknown part of the `/api/Security/` file within the Security API component, potentially leading to improper authorization. The attack can be carried out remotely, and a public exploit is available. The product utilizes a rolling release strategy, making specific version details for affected or updated releases unavailable. The vendor was contacted regarding this disclosure but did not respond. Recommendations Update to a version prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1.

**Name of the Vulnerable Software and Affected Versions** go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 **Description** A flaw exists in go2ismail Free-CRM’s Administrative Interface component that allows for code execution after redirection via remote manipulation. The vendor was notified of this issue but did not respond. The product uses a rolling release model, making specific version information for affected or updated releases unavailable. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** go2ismail Asp.Net-Core-Inventory-Order-Management-System versions prior to 9.20250118 **Description** A flaw exists in the software that allows for improper authorization through manipulation of an unknown functionality within the `/api/Security/` file of the Security API component. Remote exploitation is possible. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update to a version later than 9.20250118.