Caesar Evan Santoso

Name of the Vulnerable Software and Affected Versions: NotFound Gallery versions n/a through 2.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised pages. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Recommendations: For versions n/a through 2.2.1, update to a version later than 2.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the Gallery until a patch is available. Avoid using the Gallery until the issue is resolved, to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Fahad Mahmood Keep Backup Daily versions n/a through 2.1.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in Fahad Mahmood Keep Backup Daily. Recommendations: For versions n/a through 2.1.0, as a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** codection Import and export users and customers versions 1.27.12 and earlier **Description** The issue allows the insertion of sensitive information into externally-accessible files or directories, enabling the retrieval of embedded sensitive data. **Recommendations** For versions 1.27.12 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive data and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AI Chatbot for WordPress – Hyve Lite versions 1.2.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For AI Chatbot for WordPress – Hyve Lite versions 1.2.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webraketen Internal Links Manager versions 2.5.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability in webraketen Internal Links Manager, which allows exploiting incorrectly configured access control security levels. **Recommendations** For webraketen Internal Links Manager versions 2.5.2 and earlier, update to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ella van Durpe Slides & Presentations versions 0.0.0 through 0.0.39 **Description** The issue is related to the improper neutralization of script-related HTML tags in a web page, which allows for code injection. This is a basic Cross-Site Scripting (XSS) vulnerability. **Recommendations** For versions 0.0.0 through 0.0.39, update to a version that fixes the improper neutralization of script-related HTML tags to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CBB Team Content Blocks Builder versions n/a through 2.7.6 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For versions n/a through 2.7.6, update to a version later than 2.7.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ofek Nakar Virtual Bot versions prior to 1.0.0 **Description** The issue is related to the improper neutralization of special elements used in an SQL command, allowing for Blind SQL Injection. This means an attacker can execute SQL commands without directly seeing the database output, potentially leading to data extraction or modification. **Recommendations** For versions prior to 1.0.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to SQL commands or implementing additional validation and sanitization for user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ella van Durpe Slides & Presentations versions 0.0.0 through 0.0.39 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the application, potentially leading to unauthorized access or control. **Recommendations** For versions 0.0.0 through 0.0.39, update to a version that includes a fix for this issue, as no specific workaround or mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ofek Nakar Virtual Bot versions n/a through 1.0.0 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge, potentially leading to the execution of malicious scripts stored on the server. **Recommendations** For versions n/a through 1.0.0, as a temporary workaround, consider disabling any functionality that may be exploited through CSRF until a patch is available. Restrict access to sensitive areas of the Virtual Bot to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ella van Durpe Slides & Presentations versions 0.0.0 through 0.0.39 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 0.0.0 through 0.0.39, update to a version that includes the fix for the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.