Berfim Babayigit

**Name of the Vulnerable Software and Affected Versions** Dataprom Informatics PACS-ACSS versions prior to 16.05.2025 **Description** The software contains an Improper Neutralization of Input During Web Page Generation, leading to a Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. **Recommendations** Update Dataprom Informatics PACS-ACSS to a version released on or after 16.05.2025.

**Name of the Vulnerable Software and Affected Versions** Vidco Software VOC TESTER versions prior to 12.41.0 **Description** An authorization bypass exists in Vidco Software VOC TESTER due to a user-controlled key vulnerability, allowing for forceful browsing. **Recommendations** Update Vidco Software VOC TESTER to version 12.41.0 or later.

**Name of the Vulnerable Software and Affected Versions** Bna Informatics PosPratik versions prior to 3.2.1 **Description** A Basic XSS vulnerability is found in Bna Informatics PosPratik, which fails to neutralize script-related HTML tags properly. This allows XSS through HTTP query strings. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP query strings to minimize the risk of exploitation. Avoid using user-supplied input in HTTP query strings until the issue is resolved.