Jun Okada

**Name of the Vulnerable Software and Affected Versions** Schneider Electric PowerChute Business Edition versions prior to 8.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions prior to 8.5, update to version 8.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco CiscoWorks Common Services (CWCS) versions 3.0.x through 3.2.x **Description** A directory traversal issue in the TFTP service of Cisco CiscoWorks Common Services allows remote attackers to access arbitrary files. This issue affects various Cisco products, including Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, and Unified Provisioning Manager. **Recommendations** For Cisco CiscoWorks Common Services versions 3.0.x through 3.2.x, consider restricting access to the TFTP service until a fix is available. As a temporary workaround, limit the exposure of the TFTP service to only necessary users and networks.