Daniel Elkabes

**Name of the Vulnerable Software and Affected Versions** Cloudreve versions v1.0.0 through v3.5.3 **Description** The issue is related to Stored Cross-Site Scripting (XSS) via the file upload functionality. A low-privileged user can share a file with an admin user, potentially leading to privilege escalation. **Recommendations** For Cloudreve versions v1.0.0 through v3.5.3, consider disabling the file upload functionality until a patch is available to prevent exploitation. Restrict access to the file sharing feature to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openmct versions 1.3.0 through 1.7.7 **Description** The issue is related to stored XSS via the "Summary Widget" element, allowing the injection of malicious JavaScript into the `URL` field. This affects NASA Openmct version 1.7.7 and prior versions. **Recommendations** For Openmct versions 1.3.0 through 1.7.7, consider disabling the "Summary Widget" element until a patch is available to prevent the injection of malicious JavaScript into the `URL` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openmct versions 1.3.0 through 1.7.7 **Description** The issue is related to stored XSS via the “Condition Widget” element, allowing the injection of malicious JavaScript into the `URL` field. This affects NASA Openmct version 1.7.7 and prior versions, as well as version 1.3.0 and later versions. **Recommendations** For Openmct versions 1.3.0 through 1.7.7, consider disabling the “Condition Widget” element until a patch is available to prevent the injection of malicious JavaScript into the `URL` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openmct versions 1.3.0 through 1.7.7 **Description** The issue is related to stored XSS via the “Web Page” element, allowing the injection of malicious JavaScript into the `URL` field. This affects NASA Openmct version 1.7.7 and prior versions. **Recommendations** For Openmct versions 1.3.0 through 1.7.7, consider disabling the “Web Page” element until a patch is available to prevent the injection of malicious JavaScript into the `URL` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apostrophe CMS versions prior to 3.3.1 **Description** The issue allows unauthenticated remote attackers to hijack recently logged-in users' sessions due to insufficient session expiration. This can occur when a device is compromised by a third party and cannot be locked out by disabling a user account or changing the password. **Recommendations** For versions prior to 3.3.1, as a mitigation measure, the user account in question can be archived (for 3.x releases) or moved to the trash (for 2.x and earlier releases), which disables the existing session. For versions 3.x, archive the user account to disable the existing session. For versions 2.x and earlier, move the user account to the trash to disable the existing session.

**Name of the Vulnerable Software and Affected Versions** Apostrophe CMS versions 2.63.0 through 3.3.1 **Description** The issue allows for Stored XSS attacks when an editor uploads an SVG file containing malicious JavaScript to the Images module. This triggers the XSS once the uploaded file is viewed. **Recommendations** For Apostrophe CMS versions 2.63.0 through 3.3.1, consider restricting the upload of SVG files to the Images module until a fix is available. As a temporary workaround, avoid using the Images module for viewing uploaded SVG files.

**Name of the Vulnerable Software and Affected Versions** Shuup versions 1.6.0 through 2.10.8 **Description** The issue is related to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim's browser. This occurs because the error page contents are not properly escaped. **Recommendations** For Shuup versions 1.6.0 through 2.10.8, ensure that error page contents are properly escaped to prevent the execution of arbitrary javascript code. As a temporary workaround, consider implementing additional validation and sanitization for user-inputted data that may be displayed on error pages.

**Name of the Vulnerable Software and Affected Versions** Apache Ofbiz versions v17.12.01 through v17.12.07 **Description** The issue in Apache Ofbiz involves the implementation of a try-catch exception to handle errors at multiple locations, which results in leaking sensitive table information. This could aid an attacker in further reconnaissance. A user can register with a very long password, but attempting to log in with it causes an exception to occur. **Recommendations** For Apache Ofbiz versions v17.12.01 through v17.12.07, consider restricting the length of passwords to prevent exceptions that could leak sensitive information. As a temporary workaround, consider disabling the registration feature with very long passwords until a patch is available. Restrict access to sensitive table information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dolibarr versions 3.3.beta1 20121221 through 13.0.2 **Description** The issue allows admin level users to change other user's details but fails to validate already existing `Login` name, while renaming the user `Login`. This leads to complete account takeover of the victim user, as the password gets overwritten for the victim user having a similar login name. **Recommendations** For versions 3.3.beta1 20121221 through 13.0.2, consider disabling the `Modify` access for admin level users to change other user's details until a patch is available, or restrict the ability to rename user `Login` to prevent account takeover. Additionally, monitor user account activity for suspicious changes to login names and passwords.

**Name of the Vulnerable Software and Affected Versions** Admin Columns WordPress plugin versions prior to 4.3 Admin Columns Pro WordPress plugin versions prior to 5.5.1 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible due to the lack of sanitization and escaping of the Label settings. The vulnerability can be exploited even when the unfiltered html capability is disallowed, for example, in a multisite setup. An authenticated attacker can supply a crafted arbitrary script and execute it by exploiting improper input validation on the value passed into the `Label` parameter. **Recommendations** For Admin Columns WordPress plugin versions prior to 4.3, update to version 4.3 or later. For Admin Columns Pro WordPress plugin versions prior to 5.5.1, update to version 5.5.1 or later. As a temporary workaround, consider restricting access to the Label settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** set-in versions 1.0.0 through 2.0.0 **Description** The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability. **Recommendations** For versions 1.0.0 through 2.0.0, update to a version outside of this range to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** object-hierarchy-access versions 0.2.0 through 0.32.0 **Description** The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability. **Recommendations** For versions 0.2.0 through 0.32.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.