Christopher Vella

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** The issue allows an authenticated user to inject malicious HTML and JavaScript code, which will be executed in the client's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue allows a user's supplied input, typically a CRLF sequence, to be used in splitting a returning response into two responses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom Symantec Identity Manager and Symantec Identity Governance and Administration (affected versions not specified) **Description** The issue is related to the Oracle LDAP Attribute Handler component, which fails to protect the web page structure. This can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability also allows an attacker to enumerate Oracle LDAP attributes for the current user by modifying the query used by the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Installer (affected versions not specified) **Description** The issue is related to errors in privilege management within the Windows Installer component of Microsoft Windows operating systems. This can allow an attacker to elevate their privileges. The vulnerability enables attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.