Catalin Iovita

**Name of the Vulnerable Software and Affected Versions** github.com/yuin/goldmark/renderer/html versions prior to 1.7.17 **Description** Improper ordering of URL validation and normalization allows Cross-site Scripting (XSS). The renderer performs a prefix-based check using the `IsDangerousURL()` function to validate link destinations before resolving HTML entities. An attacker can bypass protocol filtering by encoding dangerous schemes with HTML5 named character references, such as using `javascript:alert(1)`, which results in arbitrary script execution when the application renders the URL. **Recommendations** Update to version 1.7.17 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A use after free issue in Chromoting allows a remote attacker to execute arbitrary code through malicious network traffic. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53.

**Name of the Vulnerable Software and Affected Versions** Bludit version 3.16.2 **Description** The application does not properly sanitize content input on the server side, despite client-side sanitation. An authenticated user can inject JavaScript into the post content field. This injected script executes in the context of a victim’s browser when the content is rendered, potentially allowing session hijacking, credential theft, or content manipulation. The vulnerability exists in the post content functionality. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider carefully reviewing and sanitizing all user-submitted content before publishing it.

**Name of the Vulnerable Software and Affected Versions** net.sourceforge.plantuml:plantuml versions prior to 1.2026.0 **Description** The software is susceptible to a Stored Cross-Site Scripting (XSS) issue because of inadequate sanitization of interactive attributes within GraphViz diagrams. A specially designed PlantUML diagram can inject malicious JavaScript into the generated SVG output, potentially allowing for arbitrary script execution when applications render the SVG. **Recommendations** Update to version 1.2026.0 or later.

**Name of the Vulnerable Software and Affected Versions** Vega (affected versions not specified) **Description** The software contains a flaw due to inadequate input validation within the `convert()` function when `safeMode` is active and the `spec` variable is an array. This allows an attacker to create a specially crafted Vega diagram specification that can send requests to any URL, potentially including local file system paths. This could lead to the disclosure of sensitive information. The vulnerable parameter is `spec`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DreamFactory (affected versions not specified) **Description** A flaw exists in the implementation of the `saveZipFile` method that could allow remote attackers to execute arbitrary code on affected DreamFactory installations. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, potentially allowing an attacker to execute code with the privileges of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** trenoncourt AutoQueryable version 1.7.0 **Description** An issue in trenoncourt AutoQueryable allows a remote attacker to obtain sensitive information via the `Unselectable` function. **Recommendations** For trenoncourt AutoQueryable version 1.7.0, consider disabling the `Unselectable` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome (affected versions not specified) **Description** The issue arises from various module chromes not properly processing inputs, which leads to XSS vectors. This allows for potential cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** janeczku Calibre-Web versions 0.6.0 through 0.6.21 **Description** The issue arises from improper sanitization performed by the `clean string` function, specifically in the way it handles HTML sanitization, making the `edit book comments` function vulnerable to Cross Site Scripting (XSS). **Recommendations** For versions 0.6.0 through 0.6.21, consider disabling the `edit book comments` function until a patch is available to prevent potential XSS attacks. Restrict access to the `clean string` function to minimize the risk of exploitation. Avoid using the `clean string` function for HTML sanitization in the affected versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gitea Open Source Git Server version 1.22.0 **Description** The issue affects Gitea Open Source Git Server due to improper neutralization of input during web page generation, allowing Stored XSS. This can enable a remote attacker to conduct a cross-site scripting attack. **Recommendations** For version 1.22.0, upgrade to version 1.23.0 to fix this issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation.