0Xx7

Name of the Vulnerable Software and Affected Versions: Accela Civic Platform versions through 20.1 Description: The issue allows remote attackers to obtain sensitive information via a modified `contactSeqNumber` value in the `portlets/contact/ref/refContactDetail.do` endpoint. However, the vendor states that the information being queried is authorized for an authenticated user of the application. Recommendations: For Accela Civic Platform versions through 20.1, as a temporary workaround, consider restricting access to the `portlets/contact/ref/refContactDetail.do` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Accela Civic Platform versions prior to 20.2 Description: The issue allows for successURL XSS in the ssoAdapter/logoutAction.do endpoint. The vendor has stated that there are configurable security flags and they are unable to reproduce the issue with the available information. Recommendations: For Accela Civic Platform versions prior to 20.2, as a temporary workaround, consider restricting access to the ssoAdapter/logoutAction.do endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Good Layers LMS Plugin versions 2.1.4 and earlier **Description** The issue is related to an unauthenticated SQL Injection vulnerability. It exists due to the usage of "wp ajax nopriv" call in WordPress, allowing any unauthenticated user to access the function `gdlr lms cancel booking()`. The POST parameter `id` is sent straight into an SQL query without sanitization. **Recommendations** For Good Layers LMS Plugin versions 2.1.4 and earlier, consider updating to a version later than 2.1.4 to resolve the issue. As a temporary workaround, consider disabling the `gdlr lms cancel booking()` function until a patch is available. Restrict access to the `wp ajax nopriv` call in WordPress to minimize the risk of exploitation. Avoid using the parameter `id` in the affected API endpoint until the issue is resolved.