Alexandru Copaceanu

Name of the Vulnerable Software and Affected Versions: IBM Hardware Management Console - Power versions 10.3.1050.0 and 11.1.1110.0 Description: The IBM Hardware Management Console - Power is susceptible to a stored cross-site scripting issue. An authenticated user can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and leading to credentials disclosure within a trusted session. Recommendations: For versions 10.3.1050.0 and 11.1.1110.0, sanitize all user inputs to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** VMware Avi Load Balancer (affected versions not specified) **Description** The issue is related to a lack of protection against SQL query structure exploitation in VMware Avi Load Balancer, allowing a remote attacker to gain unauthorized access to protected information by sending a specially crafted SQL query. This is an authenticated blind SQL Injection vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.