Ahmad Ashraff

**Name of the Vulnerable Software and Affected Versions** Cisco Crosswork NSO CLI and ConfD CLI (affected versions not specified) **Description** A vulnerability could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The issue is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this by executing an affected CLI command, potentially allowing them to elevate privileges to root on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mahara versions prior to 1.5.9 Mahara versions 1.6.x prior to 1.6.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. This is a Cross-site Scripting (XSS) issue. **Recommendations** For Mahara versions prior to 1.5.9, update to version 1.5.9 or later. For Mahara versions 1.6.x prior to 1.6.4, update to version 1.6.4 or later.