Norihiko Hirukawa

Name of the Vulnerable Software and Affected Versions: GroupSession versions 4.7.0 and earlier Description: The issue allows an attacker to redirect users to arbitrary web sites, potentially conducting phishing attacks. Recommendations: For versions 4.7.0 and earlier, update to a version later than 4.7.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GroupSession versions 4.6.4 and earlier **Description** The issue allows remote authenticated attackers to bypass access restrictions and obtain sensitive information, such as emails, via unspecified vectors. **Recommendations** For GroupSession versions 4.6.4 and earlier, update to a version later than 4.6.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** baserCMS plugin Mail versions 3.0.10 and earlier **Description** A cross-site scripting issue allows remote authenticated attackers to inject arbitrary web script or HTML. **Recommendations** For versions 3.0.10 and earlier, update to a version later than 3.0.10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 3.0.10 and earlier **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators. **Recommendations** For versions 3.0.10 and earlier, update to a version later than 3.0.10 to resolve the issue.