Christian Pappas

**Name of the Vulnerable Software and Affected Versions** Programi Bilanc - Build 007 Release 014 31.01.2020 **Description** An issue was discovered in Programi, which has multiple SQL injection vulnerabilities. **Recommendations** For Programi Bilanc - Build 007 Release 014 31.01.2020, consider restricting access to sensitive database queries to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Matrix42 Workspace Management versions 9.1.2.2765 and below **Description** The issue allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software. This can be exploited through the `description` parameter in the comment field. **Recommendations** For Matrix42 Workspace Management versions 9.1.2.2765 and below, consider disabling the comment field for special orders until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the description parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** portier vision versions 4.4.4.2 through 4.4.4.6 **Description** The issue is related to a lack of user input validation in parameter handling, which leads to SQL injections. This affects the login form and the search form for a key ring number. **Recommendations** For versions 4.4.4.2 through 4.4.4.6, consider validating user input to prevent SQL injections as a temporary workaround until a patch is available. Restrict access to the login and search forms to minimize the risk of exploitation.