Arne Kersting

**Name of the Vulnerable Software and Affected Versions** LiveConfig version 2.12.2 **Description** A Stored XSS issue exists in the admin/users user administration form. This allows for the storage and execution of malicious scripts, potentially leading to unauthorized access or data theft. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For LiveConfig version 2.12.2, update to a version that includes a fix for this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LiveConfig version 2.12.2 **Description** A Path Traversal issue in the log file of LiveConfig allows authenticated attackers to read files on the underlying server. **Recommendations** For LiveConfig version 2.12.2, consider restricting access to the log file to prevent exploitation until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of reading sensitive files on the server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.