Alejo Popovici

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 9.0.52 ownCloud Server versions prior to 9.0.4 **Description** The issue concerns a log pollution vulnerability that could potentially lead to a local XSS. The download log functionality in the admin screen delivers logs in JSON format. However, in certain browser configurations, such as Firefox on Microsoft Windows, the log data can be opened as an HTML document, allowing any injected data in the log to be executed. **Recommendations** For Nextcloud Server versions prior to 9.0.52, update to version 9.0.52 or later. For ownCloud Server versions prior to 9.0.4, update to version 9.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.18 **Description** The issue allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a `public key` parameter value. This is demonstrated by the `public key` value 0. **Recommendations** For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the CAPTCHA mechanism until the update is applied.