Cronus

**Name of the Vulnerable Software and Affected Versions** VirusTran Button contact VR versions 4.7.3 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS (Cross-site Scripting) attacks. This means an attacker could inject malicious scripts into the website, potentially affecting user sessions. **Recommendations** For VirusTran Button contact VR versions 4.7.3 and earlier, as a temporary workaround, consider disabling any functionality that generates web pages based on user input until a patch is available. Restrict access to any modules or functions that may be vulnerable to Stored XSS attacks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contact Form 7 Summary and Print versions 1.2.5 and earlier **Description** The issue affects Contact Form 7 Summary and Print, allowing Stored XSS due to Cross-Site Request Forgery (CSRF) and Improper Neutralization of Input During Web Page Generation. **Recommendations** For versions 1.2.5 and earlier, update to a version later than 1.2.5 to resolve the issue. As a temporary workaround, consider disabling the vulnerable `Contact Form 7 Summary and Print` plugin until a patch is available. Restrict access to the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AMP-MODE Login Logo Editor versions 1.3.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the AMP-MODE Login Logo Editor. **Recommendations** For versions 1.3.3 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Save as PDF plugin by Pdfcrowd versions n/a through 4.0.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 4.0.0, update to a version later than 4.0.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Web357 Easy Custom Code (LESS/CSS/JS) – Live editing versions 1.0.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS due to the live editing feature. **Recommendations** For versions 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue. As a temporary workaround, consider disabling the live editing feature until a patch is available. Restrict access to the live editing module to minimize the risk of exploitation. Avoid using the live editing feature in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WPFavicon versions 2.1.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.1.1 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Change From Email versions 1.2.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.2.1 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Simple Popup versions prior to 4.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions prior to 4.4, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tooltip CK versions through 2.2.15 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions through 2.2.15, update to a version later than 2.2.15 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Enea Overclokk Stellissimo Text Box versions through 1.1.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), allowing Stored XSS. This enables attackers to inject malicious scripts into web pages, potentially affecting users who access these pages. **Recommendations** For versions through 1.1.4, update to a version that fixes the Stored XSS vulnerability to prevent exploitation. As a temporary workaround, consider restricting user input in the Stellissimo Text Box to minimize the risk of Stored XSS attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tomas Cordero Safety Exit versions 1.7.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.7.0 and earlier, update to a version that fixes this issue, however at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bryan Hadaway Site Favicon versions 0.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Bryan Hadaway Site Favicon versions 0.2 and earlier, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick Sharpen Resized Images versions 1.1.7 and earlier **Description** The issue affects ImageMagick Sharpen Resized Images, allowing Stored XSS due to improper neutralization of input during web page generation. This is a Cross-site Scripting vulnerability. **Recommendations** For versions 1.1.7 and earlier, update to a version that contains a fix for this issue to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Benoit Mercusot Simple Popup Manager versions 1.3.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.3.5 and earlier, update to a version later than 1.3.5 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webliberty Simple Spoiler versions 1.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Webliberty Simple Spoiler versions 1.2 and earlier, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Forty Four – 404 Plugin for WordPress versions 1.4 and earlier **Description** The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions 1.4 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brozzme Scroll Top versions 1.8.5 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability, specifically a Stored XSS. This allows malicious scripts to be stored on the web application, potentially affecting users who access the compromised page. **Recommendations** For Brozzme Scroll Top versions 1.8.5 and earlier, update to a version that fixes this issue, as using outdated versions may expose users to Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HappyKite Ultimate Under Construction versions 1.9.3 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who visit the page. **Recommendations** For versions 1.9.3 and earlier, update to a version later than 1.9.3 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website. Avoid using the vulnerable version of HappyKite Ultimate Under Construction until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mr Digital Simple Image Popup versions n/a through 2.4.0 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other security issues. **Recommendations** For versions n/a through 2.4.0, update to a version later than 2.4.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Giorgos Sarigiannidis Slash Admin versions 3.8.1 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross-Site Scripting (XSS) in Giorgos Sarigiannidis Slash Admin. **Recommendations** For Giorgos Sarigiannidis Slash Admin versions 3.8.1 and earlier, as a temporary workaround, consider implementing anti-CSRF measures, such as token-based validation, to prevent Cross-Site Request Forgery attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.