William Costa

**Nome do software vulnerável e versões afetadas: pfSense versão 2.5.0 Descrição: A vulnerabilidade permite a execução de código malicioso (Cross-Site Scripting, XSS) armazenado através do campo “Description” no arquivo services wol edit.php. Recomendações: Para a versão 2.5.0 do pfSense, atualize para uma versão que inclua uma correção para esta vulnerabilidade, a fim de evitar sua exploração.

**Name of the Vulnerable Software and Affected Versions** pfSense versions prior to 2.2.3 **Description** A cross-site scripting (XSS) issue exists in the WebGUI, allowing remote attackers to inject arbitrary web script or HTML via the `zone` parameter in a del action to "services captiveportal zones.php" API endpoint. **Recommendations** For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "services captiveportal zones.php" endpoint to minimize the risk of exploitation. Avoid using the `zone` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions 5.1 SP1 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `refr` parameter to "index.php". **Recommendations** For versions 5.1 SP1 and earlier, update to a version later than 5.1 SP1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Facebook app version 14.0 Facebook Messenger app version 10.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. The vendor disputes the significance of this report, citing that the user must accept an interstitial warning before the HTML file content is rendered, and the HTML content's origin is a sandbox domain. **Recommendations** For Facebook app version 14.0, consider disabling the rendering of HTML file content from chat traffic until a patch is available. For Facebook Messenger app version 10.0, restrict the handling of crafted filename extensions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CacheGuard OS version 5.7.7 **Description** A cross-site request forgery (CSRF) issue exists in the gui/password-wadmin.apl component, allowing remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on the web application. **Recommendations** For CacheGuard OS version 5.7.7, consider disabling the gui/password-wadmin.apl component until a patch is available to prevent exploitation of the CSRF vulnerability.

**Name of the Vulnerable Software and Affected Versions** Silver Peak VX versions prior to 6.2.5 **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. **Recommendations** For versions prior to 6.2.5, update to version 6.2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SpamTitan versions prior to 6.04 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `sortdir` parameter in the auth-settings-x.php file. **Recommendations** For versions prior to 6.04, update to version 6.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the auth-settings-x.php file to minimize the risk of exploitation. Avoid using the `sortdir` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** F-Secure Messaging Secure Gateway version 7.5.0 before Patch 1862 **Description** A cross-site scripting (XSS) issue allows remote authenticated administrators to inject arbitrary web script or HTML via the `new` parameter in the SysUser module to admin. This can be achieved by accessing specific API endpoints, although the exact endpoint is not specified. **Recommendations** For F-Secure Messaging Secure Gateway version 7.5.0, apply Patch 1862 to resolve the issue. As a temporary workaround, consider restricting access to the SysUser module to minimize the risk of exploitation. Avoid using the `new` parameter in the affected module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FortiADC versions prior to 3.2.1 **Description** A cross-site scripting (XSS) issue exists in the web administration interface, allowing remote attackers to inject arbitrary web script or HTML via the `locale` parameter to the "gui partA/" endpoint. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "gui partA/" endpoint until the update is applied. Avoid using the `locale` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Aker Secure Mail Gateway versions 2.5.2 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `msg id` parameter in the "index.php" file. **Recommendations** For versions 2.5.2 and earlier, avoid using the `msg id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FortiOS versions 5.0.3 **Description** The issue is related to a cross-site scripting vulnerability in the web interface of FortiOS, specifically in the "user/ldap user/add" endpoint. This vulnerability is caused by insufficient protection of the web page structure. It allows a remote attacker to inject arbitrary JavaScript or HTML code through the `filter` parameter. **Recommendations** For FortiOS version 5.0.3, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the "user/ldap user/add" endpoint to minimize the risk of exploitation. Avoid using the `filter` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FortiOS versions 5.0.5 **Description** The issue is caused by insufficient protection of the web page structure in the FortiOS operating system, specifically in the firewall/schedule/recurrdlg component. This allows a remote attacker to inject arbitrary JavaScript or HTML code through the `mkey` parameter, resulting in a cross-site scripting (XSS) vulnerability. **Recommendations** For FortiOS version 5.0.5, consider restricting access to the vulnerable `firewall/schedule/recurrdlg` component until a patch is available. As a temporary workaround, avoid using the `mkey` parameter in the affected web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NagiosQL version 3.2 SP2 **Description** The issue is related to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `txtSearch` parameter to various pages, including 'admin/hostdependencies.php' and 'admin/hosts.php', which utilize the search functionality in 'functions/content class.php'. **Recommendations** For NagiosQL version 3.2 SP2, consider restricting access to the search functionality in 'functions/content class.php' until a patch is available. Avoid using the `txtSearch` parameter in affected API endpoints, such as 'admin/hostdependencies.php' and 'admin/hosts.php', to minimize the risk of exploitation.