Juan Caillava

**Name of the Vulnerable Software and Affected Versions** MikroTik RouterOS versions prior to 6.41.3/6.42rc27 **Description** The issue is caused by a buffer overflow in the SMB service of MikroTik RouterOS, allowing remote attackers to execute arbitrary code on the system. This can be exploited before authentication takes place, making it possible for unauthenticated remote attackers to gain code execution. **Recommendations** For versions prior to 6.41.3/6.42rc27, update to version 6.41.3 or 6.42rc27, or later, to resolve the issue. As a temporary workaround, consider restricting access to the SMB service until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Open For Business Project (aka OFBiz) versions 10.04.x through 10.04.04 Apache Open For Business Project (aka OFBiz) version 11.04.01 Apache Open For Business Project (aka OFBiz) versions 09.04.x and earlier **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via specific Widget attributes, such as `Screenlet.title` or `Image.alt`. An example of exploitation is through the `parentPortalPageId` parameter to the "/exampleext/control/ManagePortalPages" API endpoint. **Recommendations** For Apache Open For Business Project (aka OFBiz) versions 10.04.x through 10.04.04, update to version 10.04.05 or later. For Apache Open For Business Project (aka OFBiz) version 11.04.01, update to a later version. For Apache Open For Business Project (aka OFBiz) versions 09.04.x and earlier, update to a version later than 09.04.x. As a temporary workaround, consider restricting access to the `Screenlet.title` and `Image.alt` Widget attributes until a patch is available.