Xbadbiddyx

**Name of the Vulnerable Software and Affected Versions** dotCMS version 4.1.1 **Description** The issue affects the dotCMS application, where a Stored Cross-Site Scripting (XSS) vulnerability is present. This vulnerability impacts the Title field of vanity-urls, the Description field of containers, and the Description field of templates. **Recommendations** For dotCMS version 4.1.1, consider restricting access to the vulnerable fields, specifically the Title field of vanity-urls, the Description field of containers, and the Description field of templates, until a patch is available. As a temporary workaround, avoid using these fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infocus Mondopad version 2.2.08 **Description** The issue allows an attacker to disclose hashed credentials by providing a crafted Microsoft Office document, such as an Excel spreadsheet, containing a link with a UNC pathname associated with an attacker-controlled server. This enables the attacker-controlled server to receive the victim's NetNTLMv2 hash. **Recommendations** For Infocus Mondopad version 2.2.08, consider disabling the handling of UNC pathnames in Microsoft Office documents as a temporary workaround until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid opening suspicious Microsoft Office documents from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.