Iamleandrooooo

**Name of the Vulnerable Software and Affected Versions** Frappe HR versões anteriores a 15.58.1 Frappe HR versões anteriores a 16.4.1 **Description** Um usuário autenticado com uma função padrão pode acessar informações não autorizadas explorando um determinado api endpoint nesta solução de gerenciamento de recursos humanos de código aberto. **Recommendations** Atualizar para a versão 15.58.1 Atualizar para a versão 16.4.1

**Name of the Vulnerable Software and Affected Versions** InvoicePlane versions prior to 1.7.1 **Description** InvoicePlane is an open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) issue exists that allows an authenticated user with the necessary permissions to manage Invoice Groups to inject malicious JavaScript into the “Identifier Format” field. This injected script will execute when any user views the invoice list or the main dashboard. The vulnerable field is the `Identifier Format` field within Invoice Groups. **Recommendations** Update to version 1.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** InvoicePlane versions prior to 1.7.1 **Description** InvoicePlane is an open source application used for managing invoices, clients, and payments. A stored cross-site scripting (XSS) issue exists in the Sumex invoice view. An authenticated user with client and invoice management privileges can execute arbitrary JavaScript in the browser of any user viewing the invoice. This could potentially lead to session hijacking or data theft on behalf of the victim user. The vulnerable component is the Sumex invoice view. **Recommendations** Update to version 1.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Known versions prior to 1.6.3 Known version 1.6.2 **Description** A critical broken authentication issue exists in Known. The application reveals the password reset token within a hidden HTML input field on the password reset page. This allows an unauthenticated attacker to obtain the reset token for any user by querying the user's email, leading to full Account Takeover (ATO) without needing access to the victim's email inbox. The vulnerable page is accessible via a GET request using the victim’s email as a parameter. The sensitive token is embedded in an HTML input field with the name 'code'. The attacker can programmatically extract the token using a tool like curl. This allows the attacker to reset the victim's password and gain access to the account. This issue can lead to a total loss of Confidentiality, Integrity, and Availability, including the compromise of administrative accounts. **Recommendations** Update to version 1.6.3 or later to resolve this issue.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Outsystems anteriores à 3.1.0 **Descrição** O problema ocorre porque as validações de extensão e tamanho de arquivo são aplicadas apenas no lado do cliente no recurso de Upload Múltiplo de Arquivos do Outsystems. Isso permite que um atacante intercepte a solicitação de upload, modifique o parâmetro, contorne as restrições de extensão e envie arquivos arbitrários. **Recomendações** Para versões anteriores à 3.1.0, atualize para a versão 3.1.0 ou posterior para resolver o problema. Como solução temporária, considere implementar validação no lado do servidor para extensões e tamanhos de arquivo para prevenir uploads de arquivos sem restrições.