Chndlrx

**Name of the Vulnerable Software and Affected Versions** Key Systems Inc Global Facilities Management Software version 20230721a **Description** A flaw exists that allows a remote attacker to obtain sensitive information. The issue is related to the `sid` query parameter. The API endpoint is affected. The vulnerable parameter is `sid`. **Recommendations** Apply any available updates to address the issue. As a temporary workaround, restrict access to the `sid` query parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Key Systems Inc Global Facilities Management Software version 20230721a **Description** An issue allows a remote attacker to escalate privileges through the PIN component of the login functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Key Systems Inc Global Facilities Management Software version 20230721a **Description** A Cross Site Scripting issue exists in Key Systems Inc Global Facilities Management Software version 20230721a. This allows a remote attacker to execute arbitrary code through a function parameter. The vulnerable component is a function that does not properly sanitize input, potentially leading to the injection of malicious scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Key Systems Inc Global Facilities Management Software version 20230721a **Description** A Cross Site Scripting issue exists in Key Systems Inc Global Facilities Management Software. A remote attacker can potentially execute arbitrary code by manipulating the `selectgroup` and `gn` parameters on the `/api/v1/Groups` endpoint. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/api/v1/Groups` endpoint to minimize the risk of exploitation. Sanitize the `selectgroup` and `gn` parameters before processing them within the `Groups` function.

**Name of the Vulnerable Software and Affected Versions** edu Business Solutions Print Shop Pro WebDesk version 18.34 **Description** An issue allows a remote attacker to escalate privileges through the `AccessID` parameter. **Recommendations** Apply any available updates or patches for version 18.34. As a temporary workaround, restrict access to the `AccessID` parameter.