Numan Ozdemir

**Name of the Vulnerable Software and Affected Versions** Vesta Control Panel versions prior to 0.9.8-22 **Description** The issue allows for XSS attacks through various parameters, including the `domain` parameter in the "edit/web/" endpoint, the `backup` parameter in the "list/backup/" endpoint, the `period` parameter in the "list/rrd/" endpoint, the `dir a` parameter in the "list/directory/" endpoint, or the `filename` to the "list/directory/" URI. **Recommendations** For Vesta Control Panel versions prior to 0.9.8-22, consider updating to a version that addresses this issue. As a temporary workaround, restrict access to the affected endpoints, such as "edit/web/", "list/backup/", "list/rrd/", and "list/directory/", to minimize the risk of exploitation. Avoid using the vulnerable parameters, such as `domain`, `backup`, `period`, `dir a`, and `filename`, in the affected endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ajenticp (aka Ajenti Docker control panel) versions through 1.2.23.13 Ajenti versions through 1.2.23.13 **Description** The issue is related to a Cross-site Scripting (XSS) vulnerability. It occurs when a filename is mishandled in the File Manager, allowing for potential exploitation. **Recommendations** For versions through 1.2.23.13, consider restricting access to the File Manager until a fix is available. As a temporary workaround, avoid using the File Manager for handling filenames that could be exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.19 **Description** A Persistent XSS issue was discovered in the Visual Editor of MyBB. The issue is related to a Video MyCode. **Recommendations** For versions prior to 1.8.19, update to version 1.8.19 or later to resolve the issue.