Adrian Tiron

**Name of the Vulnerable Software and Affected Versions** Kaspersky Security 8.0 for Linux Mail Server **Description** The issue allows an attacker to potentially force an administrator to click on a malicious link to perform unauthorized actions. This is due to the lack of measures to neutralize special elements, which can be exploited by a remote attacker. **Recommendations** For Kaspersky Security 8.0 for Linux Mail Server, consider disabling any functionality that may lead to administrators clicking on malicious links until a patch is available. Restrict access to potentially vulnerable components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (previously concrete5) versions 8.5.12 and below Concrete CMS (previously concrete5) versions 9.0 through 9.1.3 **Description** The issue concerns a possible Auth bypass in the jobs section of Concrete CMS. **Recommendations** For versions 8.5.12 and below, update to version 9.2 or later. For versions 9.0 through 9.1.3, update to version 9.2 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions below 8.5.10 Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 **Description** The issue arises when Concrete CMS does not issue a new session ID upon successful OAuth authentication. This can lead to potential security risks. **Recommendations** For Concrete CMS versions below 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to Stored Cross-Site Scripting (XSS) in icons, specifically due to the Microsoft application tile color not being sanitized. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions below 8.5.10 Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 **Description** The issue allows for XXE based DNS requests, which can lead to IP disclosure. This occurs due to a vulnerability in the Concrete CMS software, where an attacker can exploit the XML External Entity (XXE) feature to make unauthorized DNS requests, potentially revealing the IP address of the system. **Recommendations** For versions below 8.5.10, update to version 8.5.10 or later. For versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to the use of non-strict comparison for the `legacy salt`, which could lead to limited authentication bypass if this functionality is used. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to version 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions below 8.5.10 Concrete CMS (formerly concrete5) versions between 9.0.0 and 9.1.2 **Description** The issue inadvertently discloses server-side sensitive information, including secrets in environment variables and server information, when Debug Mode is left on in production. **Recommendations** For Concrete CMS (formerly concrete5) versions below 8.5.10, update to version 8.5.10 or later to resolve the issue. For Concrete CMS (formerly concrete5) versions between 9.0.0 and 9.1.2, update to version 9.1.3 or later to resolve the issue. As a temporary workaround, consider disabling Debug Mode in production environments until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue allows a user to cause an administrator to trigger reflected XSS with a URL if the targeted administrator is using an old browser that lacks XSS protection. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to version 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 Concrete CMS (formerly concrete5) versions prior to 8.5.10 **Description** The issue allows the authTypeConcreteCookieMap table to be filled up, causing a denial of service due to high load. **Recommendations** For versions prior to 8.5.10, update to version 8.5.10 or later. For versions 9.0.0 through 9.1.2, update to a version later than 9.1.2.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (formerly concrete5) versions 8.5.9 and earlier Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2 **Description** The issue is related to Reflected XSS in the image manipulation library due to un-sanitized output. **Recommendations** For Concrete CMS (formerly concrete5) versions 8.5.9 and earlier, update to version 8.5.10 or later. For Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue allows for Stored Cross-Site Scripting (XSS) in the dashboard/system/express/entities/associations endpoint because Concrete CMS permits association with an entity name that does not exist or, if it does exist, contains XSS since it was not properly sanitized. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to version 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions below 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to Reflected XSS in the multilingual report due to un-sanitized output. **Recommendations** For Concrete CMS versions below 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue is related to Reflected XSS in the dashboard icons due to un-sanitized output. **Recommendations** For Concrete CMS versions prior to 8.5.10, update to Concrete CMS 8.5.10 or later. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (affected versions not specified) **Description** The issue is related to a lack of the `State` parameter for the external Concrete authentication service, specifically affecting users who utilize the "out of the box" core OAuth. This leads to a CSRF concern. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Plesk Obsidian **Description** The issue allows a CSRF attack, for example, via the "/api/v2/cli/commands" REST API to change an Admin password. This affects Plesk Obsidian, which is a specific version of the Plesk product where versions are identified by names, not numbers. **Recommendations** As a temporary workaround, consider restricting access to the "/api/v2/cli/commands" REST API until a patch is available. Avoid using the API to change Admin passwords until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 8.5.6 and below **Description** The issue allows privilege escalation from Editor to Admin using Groups in Concrete CMS. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. The fix involves adding a check for group permissions before allowing a group to be moved. **Recommendations** For Concrete CMS versions 8.5.6 and below, update to Concrete CMS version 9.0.0 to resolve the issue. As a temporary workaround, consider restricting "view" permissions on the bulkupdate page to prevent potential escalation.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions below 8.5.7 Concrete CMS version 9.0.0 is not affected as it includes the fix. **Description** The issue concerns a SSRF mitigation bypass using a DNS Rebind attack, allowing an attacker to fetch cloud IAAS IAM keys. To address this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading, rather than relying on DNS. A mitigation for this issue is to ensure IMDS configurations follow a cloud provider's best practices. **Recommendations** For Concrete CMS versions below 8.5.7, update to version 8.5.7 or later to fix the issue. For users who cannot update immediately, consider implementing the mitigation by ensuring IMDS configurations are according to a cloud provider's best practices. As a temporary workaround, consider restricting downloads from the local network and specifying validated IPs when downloading to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.26 **Description** An issue was discovered where HTML was missing in the executable block list of `MediaHelper::canUpload()`, leading to XSS attack vectors. **Recommendations** For Joomla! versions 3.0.0 through 3.9.26, update to a version that includes the fix for the `MediaHelper::canUpload()` issue. As a temporary workaround, consider restricting the upload functionality to minimize the risk of exploitation.