Byeongjun Jo

**Name of the Vulnerable Software and Affected Versions** Webvitaly iFrame versions prior to 5.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions prior to 5.0, update to a version that includes the fix for this issue to prevent Stored XSS attacks. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FV Flowplayer Video Player versions through 7.5.44.7212 **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This means that the software may redirect users to untrusted sites, potentially leading to phishing or other malicious activities. **Recommendations** For versions through 7.5.44.7212, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced iFrame versions n/a through 2024.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For versions n/a through 2024.2, update to a version later than 2024.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FV Flowplayer Video Player versions through 7.5.41.7212 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions through 7.5.41.7212, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hometory Mang Board WP versions 1.7.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who visit the page. **Recommendations** For Hometory Mang Board WP versions 1.7.7 and earlier, update to a version later than 1.7.7 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.