Alestorm980

**Name of the Vulnerable Software and Affected Versions** Popcorn Time version 0.4.7 **Description** The issue is related to a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on, allowing the webpage to use NodeJs features. An attacker can leverage this to run OS commands. **Recommendations** For Popcorn Time version 0.4.7, consider disabling the 'nodeIntegration' configuration as a temporary workaround to minimize the risk of exploitation. Restrict access to the 'Movies API Server(s)' field in the settings page until a patch is available. Avoid using the 'settings' page with the 'nodeIntegration' configuration enabled until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PeteReport version 0.5 **Description** The issue allows an authenticated admin user to inject persistent JavaScript code inside markdown descriptions when creating a product, report, or finding. **Recommendations** For PeteReport version 0.5, consider disabling the markdown description feature for product, report, or finding creation until a patch is available to prevent JavaScript code injection. Restrict access to the creation of products, reports, or findings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PeteReport version 0.5 **Description** The issue allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the `svg file` parameter. This enables the execution of malicious code, potentially leading to security breaches. **Recommendations** For PeteReport version 0.5, consider disabling the ability to add 'Attack Tree' elements or restrict modifications to the `svg file` parameter until a patch is available. As a temporary workaround, limit access to admin users and monitor for any suspicious activity related to JavaScript code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PeteReport version 0.5 **Description** The issue allows an attacker to trick users into deleting users, products, reports, and findings on the application through a Cross Site Request Forgery (CSRF) vulnerability. This means an attacker can forge requests that appear to come from the user, potentially leading to unauthorized actions. **Recommendations** For PeteReport version 0.5, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent attackers from tricking users into performing unintended actions. As a temporary workaround, restrict access to sensitive operations like deleting users, products, reports, and findings until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.6.0patch2 **Description** The issue allows an authenticated user to inject persistent JavaScript code through the `User-Agent` header when logging in. This code is triggered when an administrator visits the "User Sessions" tab, potentially compromising the administrator's session. **Recommendations** For Exponent CMS version 2.6.0patch2, consider disabling access to the "User Sessions" tab until a patch is available to prevent exploitation of the JavaScript injection vulnerability. Restrict the ability for users to inject custom JavaScript code through the `User-Agent` header to minimize the risk of session compromise.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.6.0patch2 **Description** The issue allows an authenticated admin user to inject persistent JavaScript code inside the `Site/Organization Name`, `Site Title`, and `Site Header` parameters while updating the site settings on the "/exponentcms/administration/configure site" API endpoint. **Recommendations** For Exponent CMS version 2.6.0patch2, as a temporary workaround, consider restricting access to the "/exponentcms/administration/configure site" API endpoint until a patch is available. Avoid using the `Site/Organization Name`, `Site Title`, and `Site Header` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.6.0patch2 **Description** The issue allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After uploading, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where it can be accessed in order to execute commands. **Recommendations** For Exponent CMS version 2.6.0patch2, consider restricting access to the extension upload feature for admin users until a patch is available. As a temporary workaround, monitor the "themes/simpletheme/" directory for any malicious PHP files and remove them promptly to prevent command execution.

**Name of the Vulnerable Software and Affected Versions** PartKeepr versions up to v1.4.0 **Description** The issue allows an authenticated user to read local files by utilizing the 'file://' URI scheme when loading attachments using a URL while creating a part. **Recommendations** For versions up to v1.4.0, consider restricting the use of the 'file://' URI scheme to prevent unauthorized access to local files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PartKeepr versions up to v1.4.0 **Description** The issue allows an authenticated user to carry out SSRF (Server-Side Request Forgery) attacks and port enumeration due to a lack of validation in the functionality to upload attachments using a URL when creating a part. This enables requests to be made to local ports. **Recommendations** For versions up to v1.4.0, update to a version that contains a fix for this issue to prevent SSRF attacks and port enumeration.