D47Sec

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: A bypass of the `DISALLOWED SQL FUNCTIONS` security feature allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, potentially leading to the disclosure of sensitive database information, such as the software version. Recommendations: Upgrade to version 5.0.0.

**Name of the Vulnerable Software and Affected Versions** projectsend/projectsend versions prior to r1606 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which affects the GitHub repository projectsend/projectsend. This type of attack involves injecting malicious scripts into a website, allowing an attacker to steal user data or take control of the user's session. **Recommendations** For versions prior to r1606, update to version r1606 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.