
Alessandro Albani

Researcher from Digital Security Division, Var Group
#17726 of 53,635
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2024-23092
9.1
2024-06-22
Apache · Apache Streampipes · CVE-2024-29868
**Name of the Vulnerable Software and Affected Versions**
Apache StreamPipes versions 0.69.0 through 0.93.0

**Description**
The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) in the user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time, potentially leading to account takeover.

**Recommendations**
For Apache StreamPipes versions 0.69.0 through 0.93.0, upgrade to version 0.95.0, which fixes the issue.
PT-2023-15575
6.1
2023-03-10
Sipe S.R.L · Wi400 · CVE-2022-48111
**Name of the Vulnerable Software and Affected Versions**
SIPE s.r.l WI400 versions 8 through 11

**Description**
A cross-site scripting (XSS) issue in the `check login` function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `f` parameter. This enables the execution of malicious code, potentially leading to unauthorized access or data theft.

**Recommendations**
For SIPE s.r.l WI400 versions 8 through 11, consider disabling the `check login` function until a patch is available to prevent exploitation. Restrict access to the `f` parameter in affected API endpoints to minimize the risk of arbitrary code execution.