Adesh Nandkishor Kolte

**Name of the Vulnerable Software and Affected Versions** Mahara versions 19.04 through 19.04.5 Mahara versions 19.10 through 19.10.3 Mahara versions 20.04 through 20.04.0 **Description** The issue allows certain places to execute file or folder names containing JavaScript, potentially leading to security risks. **Recommendations** For Mahara versions 19.04 through 19.04.5, update to version 19.04.6 or later. For Mahara versions 19.10 through 19.10.3, update to version 19.10.4 or later. For Mahara versions 20.04 through 20.04.0, update to version 20.04.1 or later.

**Name of the Vulnerable Software and Affected Versions** ASUS WRT-AC66U version 3.0.0.4.372 67 **Description** The issue allows for XSS via the `Client Name` field to the Parental Control feature. **Recommendations** For version 3.0.0.4.372 67, as a temporary workaround, consider restricting access to the Parental Control feature until a patch is available. Avoid using the `Client Name` field in the Parental Control feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Super File Explorer app version 1.0.1 **Description** A file upload issue has been found, located in a developer path next to the root path, which is accessible and hidden. This path is associated with the FTP or Web UI service, for which no password is set by default. **Recommendations** For Super File Explorer app version 1.0.1, consider setting a password for the FTP or Web UI service to minimize the risk of exploitation. As a temporary workaround, restrict access to the developer path to prevent unauthorized file uploads until a patch is available.