Rafael Fontes Souza

**Name of the Vulnerable Software and Affected Versions** SAP Gateway versions 7.5 through 7.53 **Description** The issue allows an attacker to inject content that is displayed as an error message, potentially misleading users into believing the information comes from a legitimate service. This is due to the lack of measures to neutralize special elements, which could allow a remote attacker to impact data integrity. **Recommendations** For SAP Gateway versions 7.5 through 7.53, consider implementing measures to neutralize special elements and validate user input to prevent content injection. As a temporary workaround, restrict access to error messages that could be manipulated by an attacker.

**Name of the Vulnerable Software and Affected Versions** Navigate CMS version 2.8 **Description** The issue concerns a Stored XSS vulnerability. It can be exploited via a request to the "navigate upload.php" endpoint, also known as File Upload, using a multipart/form-data JavaScript payload. **Recommendations** For Navigate CMS version 2.8, consider disabling the file upload functionality temporarily to mitigate the risk of exploitation until a patch is available. Restrict access to the navigate upload.php endpoint to minimize the risk of Stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the `titles[en]` parameter in the ` core/admin/pages/add/` endpoint. This allows for potential malicious script injection. **Recommendations** For Subrion CMS version 4.2.1, as a temporary workaround, consider restricting access to the ` core/admin/pages/add/` endpoint until a patch is available. Avoid using the `titles[en]` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMS ISWEB version 3.5.3 **Description** The issue allows an attacker to inject malicious SQL queries into the application, potentially obtaining sensitive information. **Recommendations** For CMS ISWEB version 3.5.3, update to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMS ISWEB version 3.5.3 **Description** The issue allows for directory traversal and local file download. This can be demonstrated through the "moduli/downloadFile.php" endpoint with a `file` parameter set to `oggetto documenti/../.././inc/config.php`, potentially allowing an attacker to gain control of the application due to credentials being present in the config.php file. **Recommendations** For CMS ISWEB version 3.5.3, consider restricting access to the `moduli/downloadFile.php` endpoint or implementing validation on the `file` parameter to prevent directory traversal attacks. As a temporary workaround, consider removing or securing the config.php file to prevent credential exposure until a patch is available.