Bsc

**Name of the Vulnerable Software and Affected Versions** evasys versions prior to 8.2 Build 2286 evasys versions 9.x prior to 9.0 Build 2401 **Description** The issue concerns the lack of input validation for certain parameters in evasys, specifically `nutzer titel`, `nutzer vn`, `nutzer nn`, `langID`, and `ONLINEID`. This allows authenticated attackers to inject HTML code and XSS payloads in multiple locations. **Recommendations** For evasys versions prior to 8.2 Build 2286, update to version 8.2 Build 2286 or later. For evasys versions 9.x prior to 9.0 Build 2401, update to version 9.0 Build 2401 or later. As a temporary workaround, consider restricting access to the user profile and direct links to minimize the risk of exploitation. Avoid using the parameters `nutzer titel`, `nutzer vn`, `nutzer nn`, `langID`, and `ONLINEID` in the affected locations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** evasys versions prior to 8.2 Build 2286 evasys versions 9.x prior to 9.0 Build 2401 **Description** A SQL injection issue in Logbuch in evasys allows authenticated attackers to execute SQL statements via the `welche` parameter. **Recommendations** For evasys versions prior to 8.2 Build 2286, update to version 8.2 Build 2286 or later. For evasys versions 9.x prior to 9.0 Build 2401, update to version 9.0 Build 2401 or later. As a temporary workaround, consider restricting access to the `welche` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Stimulsoft Designer (Web) version 2023.1.3 **Description** The issue allows an attacker to perform Server Side Request Forgery (SSRF) attacks. The Reporting Designer (Web) can embed sources from external locations, and when a user chooses such a location, the server performs the request, potentially causing outbound traffic and importing data. This behavior can be leveraged by an attacker to exfiltrate data from machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web). **Recommendations** For version 2023.1.3, consider disabling the feature to embed sources from external locations as a temporary workaround until a patch is available. Restrict access to the Reporting Designer (Web) to minimize the risk of exploitation. Avoid using external locations for embedding sources in the affected version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Stimulsoft Designer (Web) version 2023.1.3 **Description** The issue is related to Local File Inclusion. **Recommendations** For Stimulsoft Designer (Web) version 2023.1.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Stimulsoft Designer (Desktop) versions 2023.1.4 through 2023.1.5 **Description** The issue allows an attacker to decrypt connection strings stored in .mrt files by decompiling the Stimulsoft.report.dll, as it uses a static secret that does not differ between versions or operating systems. **Recommendations** For versions 2023.1.4 and 2023.1.5, consider restricting access to the Stimulsoft.report.dll file to prevent decompilation until a patch is available. As a temporary workaround, avoid storing sensitive connection strings in .mrt files for these versions.

**Name of the Vulnerable Software and Affected Versions** Stimulsoft Designer (Desktop) version 2023.1.4 Stimulsoft Designer (Web) version 2023.1.3 Stimulsoft Viewer (Web) version 2023.1.3 **Description** The issue allows for Remote Code Execution, enabling an attacker to access the local file system without restrictions. This can lead to reading or writing local directories and files by including source code. An attacker can also prepare a report with a variable to gather data and render it in the report. **Recommendations** For Stimulsoft Designer (Desktop) version 2023.1.4, update to a version that addresses the Remote Code Execution issue. For Stimulsoft Designer (Web) version 2023.1.3, update to a version that addresses the Remote Code Execution issue. For Stimulsoft Viewer (Web) version 2023.1.3, update to a version that addresses the Remote Code Execution issue.

**Name of the Vulnerable Software and Affected Versions** Craft CMS versions 3.0.0 through 3.7.32 **Description** The issue concerns the disclosure of password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called `CRAFT CSRF TOKEN` and a HTML hidden field called `CRAFT CSRF TOKEN` to avoid Cross Site Request Forgery attacks. The `CRAFT CSRF TOKEN` cookie discloses the password hash without encoding it, whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework. **Recommendations** For Craft CMS versions 3.0.0 through 3.7.32, consider disabling the `CRAFT CSRF TOKEN` cookie and the corresponding HTML hidden field until a patch is available to prevent the disclosure of password hashes. Restrict access to the YII framework's public functions to minimize the risk of decoding the masked password hashes.