Arianeblow

**Name of the Vulnerable Software and Affected Versions** Axelor Open Suite version 5.0 **Description** A stored cross-site scripting (XSS) issue was found, which can be exploited via the `Name` parameter. This allows for malicious script execution when the stored data is viewed. **Recommendations** For Axelor Open Suite version 5.0, as a temporary workaround, consider restricting the use of the `Name` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork version 5.3.11 **Description** An authenticated user can upload an XML file containing an XSS via the ITSM module, resulting in a stored XSS. **Recommendations** For EyesOfNetwork version 5.3.11, consider disabling the XML file upload feature in the ITSM module until a patch is available. Restrict access to the ITSM module to minimize the risk of exploitation. Avoid using the XML file upload feature in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios XI version 5.8.5 **Description** An issue was discovered in the Manage Dashlets section of the Admin panel, where an administrator can upload ZIP files. A command injection, within the name of the first file in the archive, allows an attacker to execute system commands. **Recommendations** For Nagios XI version 5.8.5, consider restricting access to the Manage Dashlets section of the Admin panel to minimize the risk of exploitation. As a temporary workaround, avoid uploading ZIP files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork versions 5.3-10 **Description** The issue allows remote authenticated users to upload arbitrary .xml.php files due to the module admin ITSM relying on "le filtre userside." This could potentially lead to malicious code execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For EyesOfNetwork versions 5.3-10, consider disabling the admin ITSM module until a patch is available to prevent the upload of arbitrary .xml.php files. Restrict access to the module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork versions 5.3 through 5.3-10 **Description** The issue concerns the use of an integer session ID with a length of between 8 and 10 digits, which could potentially be exploited for brute-force authentication bypass. **Recommendations** For EyesOfNetwork versions 5.3 through 5.3-10, consider implementing additional authentication measures to mitigate the risk of brute-force attacks, such as account lockout policies or two-factor authentication.