RabbitMQ · CVE-2021-32718
**Name of the Vulnerable Software and Affected Versions**
RabbitMQ, all versions prior to 3.8.17 (the vulnerable component is the management UI shipped by the `rabbitmq_management` plugin)
**Description**
The management UI can execute attacker-supplied JavaScript in the context of the page when a new user is added. The new user's name is inserted into the confirmation message without sufficient sanitization, so a name containing a `<script>` tag is rendered as markup rather than as text (cross-site scripting). Exploitation requires the attacker to be signed in with elevated permissions for managing other users, so it presupposes control of, or the cooperation of, an account that already holds user-management rights.
**Recommendations**
Upgrade to RabbitMQ 3.8.17 or later, which resolves the issue.
As a temporary workaround, disable the `rabbitmq_management` plugin and perform management operations with the CLI tools (`rabbitmqctl`, `rabbitmq-plugins`, `rabbitmq-diagnostics`), using Prometheus and Grafana for metrics and monitoring. Note that disabling the plugin also removes the management HTTP API that it serves, so any automation that talks to that API has to be moved to the CLI tools for the duration of the workaround.