0Xgordo

**Name of the Vulnerable Software and Affected Versions** Jahastech NxFilter version 4.3.2.5 **Description** A problematic vulnerability was found in Jahastech NxFilter, affecting the file /config,admin.jsp. The manipulation of the `admin name` argument leads to cross-site request forgery. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Jahastech NxFilter version 4.3.2.5, as a temporary workaround, consider restricting access to the /config,admin.jsp file until a patch is available. Avoid using the `admin name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jahastech NxFilter version 4.3.2.5 **Description** A problematic issue has been found in the Bind Request Handler component, affecting the processing of the file `user,adap.jsp?actionFlag=test&id=1`. This leads to ldap injection and can be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Jahastech NxFilter version 4.3.2.5, as a temporary workaround, consider restricting access to the `user,adap.jsp` file until a patch is available. Additionally, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NxFilter version 4.3.2.5 **Description** A problematic issue was found in NxFilter, affecting an unknown part of the file "/report,daily.jsp". The manipulation of the `user` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For NxFilter version 4.3.2.5, as a temporary workaround, consider restricting access to the "/report,daily.jsp" file until a patch is available. Avoid using the `user` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NxFilter version 4.3.2.5 **Description** A vulnerability has been found in NxFilter, affecting unknown code of the file user.jsp, leading to cross-site request forgery. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For NxFilter version 4.3.2.5, as a temporary workaround, consider restricting access to the user.jsp file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.