Cláudio André

Researcher from INTEGRITY S.A.
#18723 of 53,633
14.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2020-7608
10
2020-03-09
Magento · Advanced Newsletter Magento Extension · CVE-2014-1634
**Name of the Vulnerable Software and Affected Versions**

Advanced Newsletter Magento extension versions prior to 2.3.5

**Description**

The issue exists due to SQL Injection in the Advanced Newsletter Magento extension. This can be exploited via the "/store/advancednewsletter/index/subscribeajax/an_category_id/" PATH_INFO.

**Recommendations**

For versions prior to 2.3.5, update to version 2.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/store/advancednewsletter/index/subscribeajax/an_category_id/" endpoint until a patch is available.
PT-2017-5935
4.3
2017-08-28
Good Technology · Good For Enterprise For Android · CVE-2014-4925
Name of the Vulnerable Software and Affected Versions:
Good for Enterprise for Android version 1.9.0.40
Good for Enterprise for Android version 2.8.0.398

Description: The issue is related to a cross-site scripting (XSS) vulnerability.

Recommendations: For Good for Enterprise for Android version 1.9.0.40, update to a version that includes a fix for this issue. For Good for Enterprise for Android version 2.8.0.398, update to a version that includes a fix for this issue.