Andrea Intilangelo

**Name of the Vulnerable Software and Affected Versions** Rapid7 Metasploit Pro (affected versions not specified) **Description** Rapid7 Metasploit Pro on Windows is subject to a local privilege escalation. During startup, the `metasploitPostgreSQL` service and the subsequent `postgres.exe` service attempt to load an OpenSSL configuration file from a non-existent directory that standard users can write to. An attacker can place a crafted `openssl.cnf` file in that location to trick the high-privilege service into executing arbitrary commands, allowing an unprivileged user to gain SYSTEM level control of the host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the '/inventory/add new customer' file. This flaw allows a remote attacker to initiate an attack via manipulation of the affected file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the `/accounts/mr-save` file. This flaw allows a remote attacker to execute malicious scripts through the manipulation of unknown code within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A remote cross-site scripting issue exists in the file '/accounts/chart-save'. This allows an attacker to execute malicious scripts in the victim's browser. **Recommendations** As a temporary workaround, restrict access to the '/accounts/chart-save' file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A flaw in the file '/inventory/item-save' allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A weakness in an unknown function within the '/inventory/purchase return save' file allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/inventory/purchase return save' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the file '/inventory/customer-save'. This flaw allows a remote attacker to execute malicious scripts through the manipulation of an unspecified function within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the '/inventory/sales save' file. This flaw allows a remote attacker to execute malicious scripts via the manipulation of unknown functionality within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the '/inventory/purchase save' file. This flaw allows a remote attacker to execute malicious scripts by manipulating an unknown functionality within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the `/inventory/supplier-save` file. This flaw allows remote exploitation through the manipulation of an unknown function within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebSystems WebTOTUM 2026 **Description** A flaw in the Calendar component allows for remote cross site scripting, which occurs when a malicious script is injected into a trusted website and executed in the victim's browser. **Recommendations** Upgrade the Calendar component to the fixed version.

**Name of the Vulnerable Software and Affected Versions** ERP Online versions prior to 4.0.0 **Description** A cross site scripting flaw exists in the Inventory Edit Item Page component. Remote attackers can exploit this by manipulating the `Item Name` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TotalAV version 5.15.69 **Description** TotalAV version 5.15.69 contains an unquoted service path issue in multiple system services running with LocalSystem privileges. An attacker can place malicious executables in specific unquoted path segments, potentially gaining SYSTEM-level access by exploiting the service path configuration. **Recommendations** Ensure service paths are properly quoted to prevent the placement of malicious executables.

**Name of the Vulnerable Software and Affected Versions** Energy CRM version 2025 **Description** A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can exploit this by sending a POST request to the `/crm/create job submit.php` endpoint, specifically utilizing the `JobCreatedBy` parameter. Successful exploitation could allow an attacker to steal the cookie session details of an authenticated user. **Recommendations** Ensure proper validation of user input for the `JobCreatedBy` parameter in the `/crm/create job submit.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** Energy CRM version 2025 **Description** A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the theft of cookie session details. The issue is triggered by submitting a POST request to the ''/crm/create invoice submit.php'' endpoint, specifically utilizing the `customerName 0` parameter. **Recommendations** Apply input validation and sanitization to the `customerName 0` parameter in the ''/crm/create invoice submit.php'' endpoint.

**Name of the Vulnerable Software and Affected Versions** Viday (affected versions not specified) **Description** The software exhibits a flaw that could allow an attacker to obtain sensitive customer information. This is achieved by intercepting HTTP requests and locating JWTs within the request payload. The JWTs contain sensitive user information, potentially exposing it to unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenAtlas version 8.9.0 **Description** OpenAtlas is susceptible to a cross-site scripting (XSS) issue caused by insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an authenticated user, potentially stealing session cookie details. The vulnerability occurs via the `/insert/person/<ID>` API endpoint, specifically through the `name` and `alias-0` parameters. **Recommendations** Apply input validation and sanitization to the `name` and `alias-0` parameters within the `/insert/person/<ID>` API endpoint.

**Name of the Vulnerable Software and Affected Versions** OpenAtlas version 8.9.0 **Description** A Cross-Site Scripting (XSS) issue exists in OpenAtlas due to insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an authenticated user, potentially stealing session cookie details. The vulnerability is triggered via the `/insert/file` API endpoint, specifically through the `creator` and `license holder` parameters. **Recommendations** Ensure proper validation and sanitization of user input for the `creator` and `license holder` parameters in the `/insert/file` API endpoint.

**Name of the Vulnerable Software and Affected Versions** OpenAtlas version 8.9.0 **Description** OpenAtlas is susceptible to a Cross-Site Scripting (XSS) issue caused by insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an authenticated user, potentially stealing session cookie details. The vulnerability occurs via the `/insert/group` API endpoint, specifically through the `name` and `alias-0` parameters. **Recommendations** Ensure proper validation and sanitization of user input for the `name` and `alias-0` parameters in the `/insert/group` API endpoint.

**Name of the Vulnerable Software and Affected Versions** OpenAtlas version 8.9.0 **Description** A Cross-Site Scripting (XSS) issue exists in OpenAtlas due to insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an authenticated user, potentially stealing session cookie details. The vulnerability is triggered via the `/insert/edition` API endpoint, specifically through the `name` parameter. **Recommendations** Ensure proper validation and sanitization of user input for the `name` parameter in the `/insert/edition` API endpoint.