Chris

**Name of the Vulnerable Software and Affected Versions** GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32 **Description** Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting. Attackers can retrieve a deterministically derived API key from the `gptApiKey` JavaScript variable in the HTML source of any page. This key allows the submission of malicious translation payloads to the '/wp-json/gptranslate/v1/request' endpoint, resulting in the execution of arbitrary web scripts when a user accesses an affected page. **Recommendations** Update to a version later than 2.31.

**Name of the Vulnerable Software and Affected Versions** MembershipWorks – Membership, Events & Directory plugin for WordPress versions prior to 6.14 **Description** The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update to a version newer than 6.14.

**Name of the Vulnerable Software and Affected Versions** Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress versions prior to 2.0.1 **Description** The Double the Donation plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update to version 2.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Featured Image plugin for WordPress versions prior to 2.2 **Description** The Featured Image plugin for WordPress is susceptible to Stored Cross-Site Scripting through image metadata. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** Update the Featured Image plugin to version 2.2 or later.

**Name of the Vulnerable Software and Affected Versions** KeePass versions 2.53 and earlier KeePass through 2.53 (in a default installation) **Description** The issue is related to the storage of critical information in an unencrypted manner. An attacker with write access to the XML configuration file can obtain cleartext passwords by adding an export trigger. The vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC. Researchers argue that this is a security flaw, as no action is required from the KeePass owner to export passwords, making it impossible even in situations where an actor gains access to the device. **Recommendations** For KeePass versions 2.53 and earlier, consider disabling the export trigger feature to prevent exploitation until a patch is available. For KeePass through 2.53 (in a default installation), restrict access to the XML configuration file to minimize the risk of exploitation. As a temporary workaround, consider downgrading the executable to a version that does not contain the vulnerable export trigger feature, but be aware that this may introduce other security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruby OpenID (aka ruby-openid) versions 2.8.0 and earlier **Description** The issue allows for a remotely exploitable flaw, specifically a Server-Side Request Forgery (SSRF) vulnerability. This occurs because the library performs discovery first, and then verification, enabling an attacker to change the URL used for discovery and trick the server into connecting to a potentially private server not publicly accessible. The severity of this issue can range from medium to critical, depending on how the ruby-openid library is employed by web application developers. Developers who based their OpenID integration heavily on the example app provided by the project are at the highest risk. **Recommendations** For versions 2.8.0 and earlier, consider disabling the OpenID discovery feature until a patch is available, or restrict the URLs that can be used for discovery to prevent SSRF attacks.

**Name of the Vulnerable Software and Affected Versions** LightOpenID versions through 1.3.1 **Description** The issue allows for Server-Side Request Forgery (SSRF) via a crafted OpenID 2.0 assertion request using the HTTP GET method. This is related to the openid.php file in LightOpenID. **Recommendations** For versions through 1.3.1, consider restricting access to the openid.php file to minimize the risk of SSRF exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: Practecol's Guardzilla All-In-One Video Security System (affected versions not specified) Description: The issue is related to a static, hard-coded credential used in the cloud-based storage system of the Guardzilla device. This allows an attacker to access the private data of all users of the device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.17 **Description** There is a possible out-of-bounds read in the Linux kernel. The `restart syscall` function uses uninitialized data when restarting `compat sys nanosleep`. However, this issue is disputed because the code path is reportedly unreachable. **Recommendations** For Linux kernel versions prior to 3.17, update to version 3.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `compat sys nanosleep` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.19.10 MediaWiki versions 1.20.x through 1.21.3 MediaWiki versions 1.22.x through 1.22.0 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file. **Recommendations** For versions prior to 1.19.10, update to version 1.19.10 or later. For versions 1.20.x through 1.21.3, update to version 1.21.4 or later. For versions 1.22.x through 1.22.0, update to version 1.22.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Portable Runtime (APR) library versions 1.4.3 through 1.4.4 Apache HTTP Server version 2.2.18 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, via a URI that does not match certain types of wildcard patterns. This can be demonstrated by attacks against mod autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. **Recommendations** For Apache Portable Runtime (APR) library versions 1.4.3 and 1.4.4, consider updating to a version that includes a correct fix for the issue. For Apache HTTP Server version 2.2.18, consider updating to a version that includes a correct fix for the issue. As a temporary workaround, consider restricting access to the mod autoindex module in httpd to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.12 Mozilla Firefox versions 3.6.x prior to 3.6.9 Thunderbird versions prior to 3.0.7 Thunderbird versions 3.1.x prior to 3.1.3 SeaMonkey versions prior to 2.0.7 **Description** The issue is related to an integer overflow in the FRAMESET element implementation. This might allow remote attackers to execute arbitrary code via a large number of values in the `cols` attribute, leading to a heap-based buffer overflow. **Recommendations** For Mozilla Firefox versions prior to 3.5.12, update to version 3.5.12 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.9, update to version 3.6.9 or later. For Thunderbird versions prior to 3.0.7, update to version 3.0.7 or later. For Thunderbird versions 3.1.x prior to 3.1.3, update to version 3.1.3 or later. For SeaMonkey versions prior to 2.0.7, update to version 2.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics GP (affected versions not specified) **Description** The issue concerns a default system password setting of ACCESS in Microsoft Dynamics GP, which could facilitate bypassing of intended access restrictions by remote authenticated users through unspecified means. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics GP (affected versions not specified) **Description** The issue concerns the encryption method used by Microsoft Dynamics GP. It utilizes a substitution cipher to encrypt certain fields, including the system password field. This encryption method makes it easier for remote authenticated users to obtain sensitive information by decrypting the field's contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UBBThreads versions 5.x and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `debug` parameter in index.php. This can be used to steal MD5 hashes of passwords. **Recommendations** For UBBThreads versions 5.x and earlier, avoid using the `debug` parameter in the index.php file until a patch is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.