Pankaj Kumar Thakur

Nome do Software Vulnerável e Versões Afetadas: Versões do Apple Music Classical anteriores à 2.3 Descrição: O problema foi corrigido com verificações aprimoradas. Um aplicativo pode vazar inesperadamente as credenciais de um usuário. Recomendações: Atualize para o Apple Music Classical versão 2.3 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (affected versions not specified) **Description** The issue exists due to inadequate protection of the web page structure. Exploitation may allow a remote attacker to conduct a cross-site scripting attack. The vulnerability is related to user input validation and sanitization issues, which can lead to authenticated reflected cross-site scripting (XSS) attacks. An attacker must first obtain authentication to the system in order to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (on-premise) (affected versions not specified) **Description** The issue is related to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. An attacker must first obtain authentication to Apex Central on the target system in order to exploit this issue. The vulnerability exists because of inadequate protection of the web page structure, which may allow a remote attacker to conduct a cross-site scripting attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (on-premise) (affected versions not specified) **Description** The issue is related to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. An attacker must first obtain authentication to Apex Central on the target system in order to exploit this issue. The vulnerability exists because of inadequate protection of the web page structure, which may allow a remote attacker to conduct an inter-site scripting attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central versions (affected versions not specified) **Description** The issue exists due to inadequate protection of the web page structure. It may allow a remote attacker to conduct a cross-site scripting attack. The exploitation requires the attacker to first obtain authentication to the target system. This issue is related to user input validation and sanitization problems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Cisco Umbrella (versões afetadas não especificadas) **Descrição** O problema está relacionado à entrada de dados do usuário não sanitizada em várias páginas do painel de gerenciamento, o que poderia permitir que um invasor remoto autenticado realizasse um ataque de script entre sites (XSS) contra um usuário do painel. Um invasor poderia explorar essa vulnerabilidade enviando JavaScript personalizado para a aplicação web e persuadindo um usuário a clicar em um link criado com intenção maliciosa. Uma exploração bem-sucedida poderia permitir que o invasor executasse código de script arbitrário no contexto da interface ou acessasse informações confidenciais do navegador. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.