Ahmed Hassan

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability was found in the Admin Panel component of the RRJ Nueva Ecija Engineer Online Portal. The issue affects an unknown functionality of the file /admin/admin user.php. The manipulation of the `Firstname`, `Lastname`, or `Username` arguments leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For RRJ Nueva Ecija Engineer Online Portal version 1.0, as a temporary workaround, consider restricting access to the `/admin/admin user.php` file until a patch is available. Avoid using the `Firstname`, `Lastname`, or `Username` arguments in the affected Admin Panel component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** froxlor versions prior to 2.0.22 froxlor version 2.1.0 **Description** The issue concerns Business Logic Errors in the GitHub repository froxlor/froxlor. **Recommendations** For versions prior to 2.0.22, update to version 2.0.22 or later. For version 2.1.0, update to a version later than 2.1.0.

**Name of the Vulnerable Software and Affected Versions** Cisco SPA500 Series Analog Telephone Adapters (ATAs) (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This issue is due to insufficient validation of user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially altering web page contents to redirect users to malicious websites or conducting further client-side attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which affects the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** modoboa/modoboa versions prior to 2.1.0 **Description** The issue is related to weak password requirements in the modoboa/modoboa GitHub repository. Users can set unsafe passwords, such as `1` or `HACK`. This issue is fixed in version 2.1.0. **Recommendations** For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider enforcing strong password policies to minimize the risk of exploitation. Restrict access to password settings to prevent users from setting weak passwords until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue allows for authentication bypass by capture-replay, enabling unlimited comments to be sent. This has been fixed in version 3.1.12. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas where comments can be sent until the update is applied.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue is related to stored Cross-site Scripting (XSS) due to the failure to sanitize user input in the `category field name` parameter. This allows for the storage of malicious scripts that can be executed when the affected data is accessed. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue. As a temporary workaround, consider restricting access to the `category field name` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue is related to stored Cross-site Scripting (XSS) due to the failure to sanitize user input in the FAQ site while generating an HTML Export. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue concerns Code Injection and Cross-site Scripting in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.12 **Description** The issue concerns weak password requirements in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to the misinterpretation of input in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue concerns weak password requirements in the GitHub repository thorsten/phpmyfaq. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Generic. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Generic. It affects the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Code Injection in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Command Injection in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to an Uncaught Exception in the GitHub repository thorsten/phpmyfaq. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Stored. This type of attack occurs when an application stores user input that contains malicious scripts, which are then executed by the application, allowing an attacker to steal user data or take control of the user's session. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to code injection in the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** thorsten/phpmyfaq versions prior to 3.1.11 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which affects the thorsten/phpmyfaq GitHub repository. **Recommendations** For versions prior to 3.1.11, update to version 3.1.11 or later to resolve the issue.