Benjamin Sepe

**Name of the Vulnerable Software and Affected Versions** Netwrix Directory Manager versions through 2025-05-01 **Description** Netwrix Directory Manager is susceptible to a cross-site scripting issue. **Recommendations** Netwrix Directory Manager versions through 2025-05-01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grails Spring Security Core plugin versions 1.x Grails Spring Security Core plugin versions 2.x Grails Spring Security Core plugin versions 3.0.0 through 3.3.1 Grails Spring Security Core plugin versions 4.0.0 through 4.0.4 Grails Spring Security Core plugin versions 5.0.0 through 5.1.0 **Description** The Grails Spring Security Core plugin is vulnerable to privilege escalation, allowing an attacker to access one endpoint using the authorization requirements of a different endpoint. This can result in a privilege escalation attack, where access to the targeted endpoint is granted based on meeting the authorization requirements of the donor endpoint. **Recommendations** For Grails Spring Security Core plugin version 1.x, update to a patched release of the plugin. For Grails Spring Security Core plugin version 2.x, create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package: `AnnotationFilterInvocationDefinition`, `InterceptUrlMapFilterInvocationDefinition`, or `RequestmapFilterInvocationDefinition`, and override the `calculateUri` method. For Grails Spring Security Core plugin versions 3.0.0 through 3.3.1, update to version 3.3.2 or later. For Grails Spring Security Core plugin versions 4.0.0 through 4.0.4, update to version 4.0.5 or later. For Grails Spring Security Core plugin versions 5.0.0 through 5.1.0, update to version 5.1.1 or later.