Nethanel Coppenhagen

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook for Android (affected versions not specified) **Description** A spoofing issue exists in the way Microsoft Outlook for Android parses specifically crafted email messages. This can allow a remote attacker to perform cross-site scripting attacks using a specially crafted email message. The vulnerability is related to errors in the representation of information by the user interface. Exploitation of the vulnerability may enable an attacker to launch a script in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kibana versions prior to 6.4.3 Kibana versions prior to 5.6.13 **Description** The issue is related to an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request to execute javascript code, potentially leading to the execution of arbitrary commands with the permissions of the Kibana process on the host system. **Recommendations** For versions prior to 6.4.3, update to version 6.4.3 or later. For versions prior to 5.6.13, update to version 5.6.13 or later.