Burninator

**Name of the Vulnerable Software and Affected Versions** Stimulsoft (aka Stimulsoft Reports) version 2013.1.1600.0 **Description** The issue allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine. This is demonstrated by the use of `System.Diagnostics.Process.Start`. **Recommendations** For Stimulsoft (aka Stimulsoft Reports) version 2013.1.1600.0, consider disabling the Compilation Mode as a temporary workaround until a patch is available. Restrict access to sensitive reports and machines to minimize the risk of exploitation. Avoid using the `System.Diagnostics.Process.Start` function in reports until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OnyakTech Comments Pro version 3.8 **Description** An issue was discovered in CommentsService.ashx. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the `username` and `userid` in the comment POST request. The attacker can also decrypt the encrypted encryption key by setting this encrypted value as the `username`, which will appear on the comment page in its decrypted form. Using these values, combined with the encryption functionality discovered in the decompiled installer, the attacker can encrypt another user's ID and `username`. These values can be used as part of the comment posting request to spoof the user. **Recommendations** For OnyakTech Comments Pro version 3.8, consider disabling the CommentsService.ashx until a patch is available to prevent exploitation. Restrict access to the comment posting functionality to minimize the risk of user spoofing. Avoid using the encrypted encryption key as a parameter in the comment form request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OnyakTech Comments Pro version 3.8 **Description** An issue in CommentsService.ashx allows an attacker to add an XSS payload to the JSON request, which will execute when users visit the page with the comment. This affects the comment posting functionality. **Recommendations** For OnyakTech Comments Pro version 3.8, consider disabling the comment posting functionality in CommentsService.ashx until a patch is available to prevent the addition of XSS payloads to JSON requests.

Name of the Vulnerable Software and Affected Versions: 2sic 2sxc versions prior to 11.22 Description: An issue was discovered that allows an attacker to craft a malicious URL, exploiting a XSS vulnerability in the `sxcver` parameter of "dnn/ui.html", which executes a JavaScript payload in a victim's browser. Recommendations: For versions prior to 11.22, update to version 11.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the "dnn/ui.html" endpoint to minimize the risk of exploitation. Avoid using the `sxcver` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Orchard versions prior to 1.10 Description: An issue was discovered in the Media Settings Allowed File Types list field, allowing an attacker to add a XSS payload. This payload will execute when users attempt to upload a disallowed file type, causing the error to display. Recommendations: For versions prior to 1.10, update to version 1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the Media Settings Allowed File Types list field to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Orchard versions prior to 1.10 Description: The issue concerns a broken access control in Orchard components using the TinyMCE HTML editor's file upload, allowing attackers to upload dangerous executables bypassing the allowed file types. Additionally, the Media Settings Allowed File Types list field is vulnerable to XSS payloads, which execute when users attempt to upload a disallowed file type, causing the error to display. Recommendations: For versions prior to 1.10, update to version 1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature in the TinyMCE HTML editor and limiting the allowed file types in Media settings to minimize the risk of exploitation. Avoid using the Media Settings Allowed File Types list field until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Quali CloudShell version 9.3 **Description** An issue was discovered that allows an attacker to craft a URL with a `constructor.constructor` substring in the `username` field, executing a payload when the user visits the "/Account/Login" page. This is due to an XSS vulnerability in the login page. **Recommendations** For Quali CloudShell version 9.3, consider disabling the login functionality until a patch is available, or restrict access to the "/Account/Login" page to minimize the risk of exploitation. Avoid using the `username` field in the affected login page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Enghouse Web Chat version 6.2.284.34 **Description** The issue allows for cross-site scripting (XSS) when a user enters their own domain name in the `WebServiceLocation` parameter. The response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. **Recommendations** For Enghouse Web Chat version 6.2.284.34, consider restricting access to the `WebServiceLocation` parameter to prevent external JavaScript execution until a fix is available. Avoid using the `WebServiceLocation` parameter with external domain names to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Stimulsoft (aka Stimulsoft Reports) version 2013.1.1600.0 **Description** A Remote Code Execution issue allows an attacker to encode C# scripts as base-64 in the report XML file, which will be compiled and executed on the server processing this file, potentially fully compromising the server. **Recommendations** For Stimulsoft (aka Stimulsoft Reports) version 2013.1.1600.0, consider restricting access to the report XML file to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider validating and sanitizing the input in the report XML file to prevent malicious C# scripts from being executed.