Abhinav Khanna

**Name of the Vulnerable Software and Affected Versions** Firefox for iOS versions prior to 136 **Description** A issue exists where scanning certain QR codes containing website URLs can lead to the URL being opened without a confirmation alert. **Recommendations** For Firefox for iOS versions prior to 136, update to version 136 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Umbrella (affected versions not specified) **Description** A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this by attempting to modify the user's email address, potentially allowing them to enumerate email addresses of users in the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Umbrella (affected versions not specified) Description: The issue is related to the Scheduled Reports feature of Cisco Umbrella, where a vulnerability exists due to the lack of neutralization of special elements. This could allow a remote attacker to execute arbitrary code. Additionally, multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature may enable an authenticated, remote attacker to perform formula and link injection attacks on an affected device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Umbrella (affected versions not specified) Description: The issue concerns multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella. These vulnerabilities could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. The vulnerability is also related to a lack of neutralization of elements in a CSV file, which could allow a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Meetings and Cisco Webex Meetings Server Software (affected versions not specified) **Description** A vulnerability in the user interface could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email due to insufficient input validation. An attacker could exploit this by entering a URL into a field in the user interface, potentially generating an email with a link to a destination of their choosing. Since the email is sent from a trusted source, the recipient may be more likely to click the link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Umbrella (affected versions not specified) **Description** The issue is related to insufficient rate limiting controls in the web UI of Cisco Umbrella, which could allow an unauthenticated, remote attacker to negatively affect the performance of the service. An attacker could exploit this by sending crafted HTTPS packets at a high and sustained rate, potentially leading to a denial of service. The vulnerability is associated with unlimited resource allocation in the web interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.