OWASP · ModSecurity · CVE-2018-13065
**Name of the Vulnerable Software and Affected Versions**
ModSecurity version 3.0.0
**Description**
The issue is an XSS vulnerability via an onerror attribute of an IMG element. A third party has disputed this issue, suggesting it may only apply to environments without a Core Rule Set configured.
**Recommendations**
For ModSecurity version 3.0.0, consider configuring a Core Rule Set, which may mitigate the risk of this issue. As a temporary workaround, restrict the use of onerror attributes in IMG elements until a more definitive resolution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.