Alert3

**Name of the Vulnerable Software and Affected Versions** Dataiku DSS version 11.2.1 **Description** The issue allows an attacker to download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. **Recommendations** For Dataiku DSS version 11.2.1, consider restricting access to the myfiles section to prevent unauthorized file downloads until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Solarwinds Orion versions 2019.4.1 **Description** The issue allows for cross-site scripting (XSS) attacks. XSS is a type of attack where an attacker injects malicious code into a website, which is then executed by the user's browser. This can lead to unauthorized access to sensitive data or taking control of the user's session. **Recommendations** For Solarwinds Orion version 2019.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Solarwinds Orion versions 2019.4 with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4 **Description** The issue allows for cross-site scripting (XSS) via a name of an alert definition. This means an attacker could potentially inject malicious scripts into the website, affecting users who access the site. **Recommendations** For Solarwinds Orion version 2019.4 with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4, consider disabling the alert definition feature until a patch is available to prevent potential XSS attacks. Restrict access to the alert definition module to minimize the risk of exploitation. Avoid using user-inputted data in alert definition names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor version 20.1.56.1574 **Description** The issue allows an attacker with Read/Write privileges to create a map and insert JavaScript code using the Map Designer Properties screen. This can be exploited against any user with View Maps or Edit Maps access. **Recommendations** For PRTG Network Monitor version 20.1.56.1574, consider restricting access to the Map Designer Properties screen to prevent the insertion of malicious JavaScript code until a fix is available. As a temporary workaround, limit the privileges of users to prevent them from creating or editing maps.