Daniel Hoffmann

**Name of the Vulnerable Software and Affected Versions** WIPOTEC GmbH ComScale versions 4.3.29.21344 through 4.4.12.723 **Description** The issue allows unauthenticated attackers to read files from the underlying operating system and obtain directory listings due to a failure in validating user sessions. **Recommendations** For versions 4.3.29.21344 and 4.4.12.723, consider restricting access to sensitive files and directories on the underlying operating system until a patch is available. As a temporary workaround, restrict access to the ComScale system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WIPOTEC GmbH ComScale versions 4.3.29.21344 through 4.4.12.723 **Description** An issue in WIPOTEC GmbH ComScale allows unauthenticated attackers to login as any user without a password. **Recommendations** For versions 4.3.29.21344 and 4.4.12.723, consider temporarily restricting access to the login functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sophos UTM versions prior to 9.706 Description: The issue allows Stored XSS to execute as an administrator in the quarantined email detail view. Recommendations: For Sophos UTM versions prior to 9.706, update to version 9.706 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions prior to 10.0.3 **Description** The issue is related to insufficient filtering, which can lead to a cross-site scripting (XSS) vulnerability in the user/card.php file. **Recommendations** For versions prior to 10.0.3, update to version 10.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions 3.0 through 10.0.3 **Description** The issue allows for XSS via the `qty` parameter to the "product/fournisseurs.php" endpoint, which is the product price screen. **Recommendations** For versions 3.0 through 10.0.3, avoid using the `qty` parameter in the "product/fournisseurs.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "product/fournisseurs.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions prior to 10.0.3 **Description** The issue allows SQL Injection. **Recommendations** For versions prior to 10.0.3, update to version 10.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions prior to 10.0.3 **Description** The issue allows for XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. This occurs due to the improper handling of uploaded files, specifically HTML documents, which are still served with a text/html content type even after being renamed with a .noexe extension. **Recommendations** For versions prior to 10.0.3, update to version 10.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the upload of HTML documents or ensuring that such files are properly sanitized and served with an appropriate content type to prevent XSS exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPOffice PhpSpreadsheet versions prior to 1.8.0 **Description** The issue arises from the XmlScanner decoding sheet1.xml from an .xlsx file to utf-8 if a different encoding is declared in the header. This was initially intended as a security measure but is insufficient. By double-encoding the xml payload to utf-7, it is possible to bypass the check for the string `<!ENTITY` and thus allow for an XML external entity processing (XXE) attack. **Recommendations** For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of .xlsx files with non-UTF-8 encoding declarations to minimize the risk of exploitation.