Josef Hassan

**Nome do software vulnerável e versões afetadas** Portal Online de Engenharia RRJ Nueva Ecija, versão 1.0 **Descrição** Foi encontrada uma vulnerabilidade no componente Painel de Administração do Portal Online RRJ Nueva Ecija Engineer. O problema afeta uma funcionalidade desconhecida do arquivo /admin/admin user.php. A manipulação dos argumentos `Firstname`, `Lastname` ou `Username` leva a um ataque de cross-site scripting. O ataque pode ser lançado remotamente. **Recomendações** Para o Portal Online do Engenheiro RRJ Nueva Ecija versão 1.0, como solução temporária, considere restringir o acesso ao arquivo `/admin/admin user.php` até que um patch esteja disponível. Evite usar os argumentos `Firstname`, `Lastname` ou `Username` no componente do Painel de Administração afetado até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** froxlor versions prior to 2.0.22 froxlor version 2.1.0 **Description** The issue concerns Business Logic Errors in the GitHub repository froxlor/froxlor. **Recommendations** For versions prior to 2.0.22, update to version 2.0.22 or later. For version 2.1.0, update to a version later than 2.1.0.

**Name of the Vulnerable Software and Affected Versions** Cisco SPA500 Series Analog Telephone Adapters (ATAs) (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This issue is due to insufficient validation of user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially altering web page contents to redirect users to malicious websites or conducting further client-side attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which affects the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** modoboa/modoboa versions prior to 2.1.0 **Description** The issue is related to weak password requirements in the modoboa/modoboa GitHub repository. Users can set unsafe passwords, such as `1` or `HACK`. This issue is fixed in version 2.1.0. **Recommendations** For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider enforcing strong password policies to minimize the risk of exploitation. Restrict access to password settings to prevent users from setting weak passwords until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue allows for authentication bypass by capture-replay, enabling unlimited comments to be sent. This has been fixed in version 3.1.12. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas where comments can be sent until the update is applied.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue is related to stored Cross-site Scripting (XSS) due to the failure to sanitize user input in the `category field name` parameter. This allows for the storage of malicious scripts that can be executed when the affected data is accessed. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround, consider restricting access to the `category field name` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue is related to stored Cross-site Scripting (XSS) due to the failure to sanitize user input in the FAQ site while generating an HTML Export. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue concerns Code Injection and Cross-site Scripting in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue concerns weak password requirements in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to the misinterpretation of input in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue concerns weak password requirements in the GitHub repository thorsten/phpmyfaq. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Generic. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Generic. It affects the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Code Injection in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Command Injection in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to an Uncaught Exception in the GitHub repository thorsten/phpmyfaq. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Stored. This type of attack occurs when an application stores user input that contains malicious scripts, which are then executed by the application, allowing an attacker to steal user data or take control of the user's session. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to code injection in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which affects the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.