
Asger F

Researcher at GitHub CodeQL team
#14465 of 53,640
18.6 CVSS total
Vulnerabilities · 2
Critical
2
PT-2023-12184
9
2023-02-20
Countly · Countly · CVE-2021-32852
**Name of the Vulnerable Software and Affected Versions** Countly versions prior to 21.11

**Description** The issue allows for cross-site scripting. To exploit this, the victim must follow a malicious link or be redirected from a malicious website. The attacker needs to have an account or be able to create one.

**Recommendations** For versions prior to 21.11, update to version 21.11 to resolve the issue.

PT-2023-12185
9.6
2023-02-20
Erxes · Erxes · CVE-2021-32853
**Name of the Vulnerable Software and Affected Versions** Erxes versions 0.22.3 and prior

**Description** Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site.

**Recommendations** For versions 0.22.3 and prior, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to potentially malicious links to minimize the risk of exploitation. Avoid using the system until a patch is available.