Nuxsmin

**Nome do software vulnerável e versões afetadas** SysPass versões 3.2.x **Descrição** Uma vulnerabilidade de script entre sites (XSS) permite que invasores executem scripts da web ou HTML arbitrários ao injetar uma carga maliciosa no parâmetro `name` no endpoint “/Controllers/ClientController.php”. Isso permite que invasores possam executar código arbitrário. **Recomendações** Para a versão 3.2.x do SysPass, atualize o sistema o mais rápido possível e valide as entradas para evitar a exploração. Considere restringir temporariamente o acesso ao ClientController.php até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** nuxsmin sysPass versions up to 3.2.4 **Description** A problematic vulnerability was found in the URL Handler component, leading to cross-site scripting. The attack can be launched remotely. **Recommendations** For versions up to 3.2.4, upgrade to version 3.2.5 to address this issue.

**Name of the Vulnerable Software and Affected Versions** sysPass versions 2.0 through 2.1 **Description** An issue was discovered in sysPass where an algorithm was never sufficiently reviewed by cryptographers. The use of the MCRYPT RIJNDAEL 256() function, which is the 256-bit block version of Rijndael and not AES, could potentially help an attacker create havoc in the remote system. **Recommendations** For sysPass versions 2.0 through 2.1, update to version 2.1 or later to resolve the issue.