
Alexander Starikov

Researcher from Jet Infosystems
#21331 of 53,633
11.5 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-20800
6.1
2024-03-22
Kickdler · Kickdler · CVE-2024-25175
**Name of the Vulnerable Software and Affected Versions**
Kickdler versions prior to 1.107.0

**Description**
The issue allows attackers to provide an XSS payload via an HTTP response splitting attack.

**Recommendations**
For versions prior to 1.107.0, update to version 1.107.0 or later to resolve the issue.
PT-2023-23458
5.4
2023-05-22
Wekan · Wekan · CVE-2023-31779
**Name of the Vulnerable Software and Affected Versions**
Wekan versions 6.84 and earlier

**Description**
The issue allows an attacker with user privilege on a kanban board to insert JavaScript code in the "Reaction to comment" feature, leading to Cross Site Scripting (XSS).

**Recommendations**
For Wekan versions 6.84 and earlier, as a temporary workaround, consider disabling the "Reaction to comment" feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.