Darek Jensen

**Name of the Vulnerable Software and Affected Versions** PAN-OS (affected versions not specified) **Description** A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreNMS version 22.3.0 **Description** The issue is related to multiple command injection vulnerabilities. These vulnerabilities can be exploited via the `service ip`, `hostname`, and `service param` parameters. **Recommendations** For LibreNMS version 22.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.