Kerkroups

**Nome do software vulnerável e versões afetadas** Versões do EspoCRM anteriores à 8.1.2 **Descrição** A vulnerabilidade permite que um invasor insira um endereço IP ou domínio arbitrário na página “Alteração de senha”, redirecionando potencialmente a vítima para uma página maliciosa. Isso pode levar ao roubo de credenciais ou a outros ataques. **Recomendações** Para versões anteriores à 8.1.2, atualize para a versão 8.1.2 para resolver o problema. Como solução temporária, considere restringir o acesso à página “Alteração de senha” até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** code-projects Faculty Management System version 1.0 **Description** A problematic issue was found in the Faculty Management System, affecting an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the `Description/Units` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For code-projects Faculty Management System version 1.0, consider restricting access to the /admin/pages/subjects.php file until a patch is available. As a temporary workaround, avoid using the `Description/Units` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Faculty Management System version 1.0 **Description** A problematic issue has been found in the Faculty Management System, affecting some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the `Year Level/Section` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For code-projects Faculty Management System version 1.0, consider restricting access to the /admin/pages/yearlevel.php file until a patch is available. As a temporary workaround, avoid using the `Year Level/Section` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeAstro POS and Inventory Management System version 1.0 **Description** A vulnerability has been found in the system, allowing for improper access controls. The issue is related to the manipulation of the `account type` argument with the input `Admin` in the unknown functionality of the file `/accounts con/register account` of the component User Creation Handler. This can be exploited remotely. **Recommendations** For CodeAstro POS and Inventory Management System version 1.0, as a temporary workaround, consider restricting access to the `/accounts con/register account` file to minimize the risk of exploitation. Avoid using the `account type` argument with the input `Admin` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro POS and Inventory Management System version 1.0 **Description** A vulnerability was found in the system, classified as problematic, affecting some unknown functionality of the file /accounts con/register account. The manipulation of the `Username` argument with malicious input, such as `<script>alert(document.cookie)</script>`, leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For CodeAstro POS and Inventory Management System version 1.0, as a temporary workaround, consider restricting access to the `/accounts con/register account` file until a patch is available. Avoid using the `Username` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro POS and Inventory Management System version 1.0 **Description** A vulnerability was found in the CodeAstro POS and Inventory Management System, which has been classified as problematic. This issue affects an unknown part of the file /item/item con. The manipulation of the `item name` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro POS and Inventory Management System version 1.0, consider disabling the functionality that allows the manipulation of the `item name` argument until a patch is available. Restrict access to the /item/item con file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.