Taurusomar

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer.

**Name of the Vulnerable Software and Affected Versions** Banco Guayaquil versions 8.0.0 **Description** The Banco Guayaquil mobile iOS application version 8.0.0 has a persistent cross-site scripting issue in the TextBox Name Profile input. An attacker can inject malicious script code via a POST request, which will execute when the application is reviewed, without requiring user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Markright version 1.0 **Description** Markright is affected by a persistent cross-site scripting issue. Attackers can embed malicious payloads within markdown files. Uploading specially crafted markdown files allows execution of arbitrary JavaScript when the files are opened, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Marky version 0.0.1 **Description** Marky version 0.0.1 contains a persistent cross-site scripting issue. Attackers can upload crafted markdown files with embedded JavaScript payloads. When these files are opened, the embedded scripts execute, potentially enabling remote code execution. The issue allows attackers to inject malicious scripts into markdown files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moeditor version 0.2.0 **Description** The software contains a persistent cross-site scripting issue. Attackers can store malicious payloads within markdown files. Uploading specially crafted markdown files with embedded JavaScript allows execution when opened, potentially enabling remote code execution on the victim's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SnipCommand version 0.1.0 **Description** The software contains a cross-site scripting issue that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** StudyMD version 0.3.2 **Description** StudyMD version 0.3.2 has a persistent cross-site scripting issue. Attackers can inject malicious scripts into markdown files. Uploading crafted markdown files with embedded JavaScript payloads allows execution when the file is opened, potentially enabling remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xmind 2020 **Description** Xmind 2020 is affected by a cross-site scripting issue. This allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can create malicious files containing embedded JavaScript that execute system commands when opened. Exploitation can occur through mouse interactions or file opening, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeter version 1.2.1 **Description** The software contains a persistent cross-site scripting issue. Attackers can store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Markdown Explorer versão 0.1.1 **Descrição** O Markdown Explorer versão 0.1.1 está afetado por uma vulnerabilidade de cross-site scripting. Isso permite que invasores injetem código malicioso por meio de uploads de arquivos e entradas do editor. Ao fazer upload de arquivos markdown contendo payloads JavaScript, os invasores podem executar comandos remotos e potencialmente obter acesso ao sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Markdownify version 1.2.0 **Description** Markdownify version 1.2.0 has a persistent cross-site scripting issue. Attackers can store malicious payloads within markdown files. Uploading crafted markdown files with embedded scripts allows execution when the file is opened, potentially enabling remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tagstoo version 2.0.1 **Description** Tagstoo 2.0.1 contains a stored cross-site scripting issue that allows attackers to inject malicious payloads through files or custom tags. Successful exploitation can lead to the execution of arbitrary JavaScript code, potentially enabling attackers to spawn system processes, access files, and perform remote code execution on a victim’s computer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do plugin de backup UpdraftPlus para WordPress anteriores à 1.22.9 **Descrição** O problema está relacionado a uma vulnerabilidade de Cross-Site Scripting (XSS) refletido. Ela ocorre porque o parâmetro `updraft interval` não é devidamente sanitizado e escapado antes de ser exibido novamente em uma página de administração. **Recomendações** Para versões anteriores à 1.22.9, atualize para a versão 1.22.9 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à página de administração que exibe o parâmetro `updraft interval` para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Codiad version 2.4.3 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by utilizing a .. (dot dot) in the `path` parameter of the download.php file in the components/filemanager directory. **Recommendations** For Codiad version 2.4.3, consider restricting access to the download.php file in the components/filemanager directory until a patch is available. Avoid using the `path` parameter with unvalidated input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codiad version 2.4.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `short name` parameter in a rename action. This issue was originally incorrectly mapped, but it has been identified and described. **Recommendations** For Codiad version 2.4.3, avoid using the `short name` parameter in the rename action until a fix is available. As a temporary workaround, consider restricting access to the components/filemanager/dialog.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Installatron GQ File Manager version 0.2.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `create` parameter to "index.php". This can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. **Recommendations** For Installatron GQ File Manager version 0.2.5, consider restricting access to the `create` parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `create` parameter to minimize the risk of exploitation.