David Utón Amaya

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue allows an authenticated attacker to show subscription's information of other users by modifying the `SUSCBRIPTION ID` parameter of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION ID>". **Recommendations** For EmbedAI versions 2.1 and below, consider restricting access to the "/demos/embedai/subscriptions/show/<SUSCBRIPTION ID>" endpoint until a patch is available. As a temporary workaround, avoid using the `SUSCBRIPTION ID` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI (affected versions not specified) **Description** A Stored Cross-Site Scripting issue has been found, allowing an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and earlier **Description** A Reflected Cross-Site Scripting issue has been identified, allowing an authenticated attacker to craft a malicious URL by leveraging the "/embedai/users/show/" endpoint. This enables the injection of malicious JavaScript code, which will be executed when a user opens the malicious URL. **Recommendations** For EmbedAI versions 2.1 and earlier, consider disabling access to the "/embedai/users/show/" endpoint until a patch is available. Restrict the use of the `SCRIPT` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and earlier **Description** An issue with inadequate access control has been identified, allowing an authenticated attacker to obtain database backups by requesting the "/embedai/app/uploads/database/" endpoint. This endpoint is vulnerable, enabling unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not specified. There is no information available about real-world incidents where this issue was exploited. **Recommendations** For EmbedAI versions 2.1 and earlier, consider restricting access to the "/embedai/app/uploads/database/" endpoint to prevent unauthorized database backup retrieval until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue has been found, allowing an authenticated attacker to change their subscription plan without paying. This is achieved by making a POST request to the "/demos/embedai/pmt cash on delivery/pay" endpoint and altering its parameters. **Recommendations** For EmbedAI versions 2.1 and below, as a temporary workaround, consider restricting access to the "/demos/embedai/pmt cash on delivery/pay" endpoint to prevent unauthorized changes to subscription plans. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and earlier **Description** A control access issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The information provided by this endpoint includes the IP address, user agent, and location of the user who visited the web page. The endpoint "/embedai/visits/show/<VISIT ID>" is also vulnerable, providing similar information. **Recommendations** For EmbedAI versions 2.1 and earlier, consider restricting access to the "/embedai/visits/show/" and "/embedai/visits/show/<VISIT ID>" endpoints to prevent unauthorized information disclosure. As a temporary workaround, consider disabling the `visit` functionality until a patch is available. Avoid using the `VISIT ID` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the `FILE ID` of the endpoint "/embedai/files/show/<FILE ID>". **Recommendations** For EmbedAI versions 2.1 and below, as a temporary workaround, consider restricting access to the "/embedai/files/show/<FILE ID>" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue has been found, allowing an authenticated attacker to write messages into other users' chat by changing the `chat id` parameter of the POST request "/embedai/chats/send message". **Recommendations** For EmbedAI versions 2.1 and below, as a temporary workaround, consider restricting access to the "/embedai/chats/send message" endpoint until a patch is available. Avoid using the `chat id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue allows an authenticated attacker to obtain chat messages belonging to other users by modifying the `CHAT ID` parameter in the endpoint "/embedai/chats/load messages?chat id=<CHAT ID>". **Recommendations** For EmbedAI versions 2.1 and below, consider restricting access to the "/embedai/chats/load messages" endpoint until a patch is available. As a temporary workaround, avoid using the `CHAT ID` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beta10 software (affected versions not specified) **Description** The Beta10 software does not provide proper authorization control in multiple areas of the application, allowing a malicious actor to access private areas and/or areas intended for other roles without authentication. The issue has been identified at least in the file or path `/app/tools.html`. **Recommendations** As a temporary workaround, consider restricting access to the `/app/tools.html` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pluck CMS version 4.7.18 **Description** An issue has been detected in Pluck CMS where there is an incorrect limitation of a path to a restricted directory, also known as path traversal. This allows an unauthenticated attacker to extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module. However, this does not affect recursive directories. The impact of this issue is unauthorized access to sensitive files. **Recommendations** For Pluck CMS version 4.7.18, patch immediately and review file permissions to mitigate the risk of unauthorized access to sensitive files. As a temporary workaround, consider restricting access to sensitive files and directories until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** MESbook version 202221021.03 **Description** The issue is related to an Uncontrolled Resource Consumption vulnerability. An unauthenticated remote attacker can use the `message` parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself. This could lead to resource consumption and potentially disable the application. **Recommendations** For version 202221021.03, consider disabling the use of the `message` parameter until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the application to minimize the risk of resource consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MESbook version 20221021.03 **Description** The issue is an information exposure vulnerability that could allow a local attacker with user privileges to access different resources by changing the API value of the application. **Recommendations** For MESbook version 20221021.03, consider restricting access to the API to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MESbook version 20221021.03 **Description** The issue allows an unauthenticated remote attacker to register user accounts without authentication. This can be done by accessing the "/account/Register/" route and providing parameters such as `UserName`, `Password`, and `ConfirmPassword`. **Recommendations** For MESbook version 20221021.03, as a temporary workaround, consider restricting access to the "/account/Register/" route until a patch is available. Avoid using the parameters `UserName`, `Password`, and `ConfirmPassword` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MESbook version 20221021.03 **Description** The issue allows a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files, or access network resources. **Recommendations** For MESbook version 20221021.03, consider disabling access to the `/api/Proxy/Post` and `/api/Proxy/Get` endpoints until a patch is available. Restrict the use of the `userName`, `password`, and `uri` parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Astrotalks version 10/03/2023 **Description** The issue allows unregistered users to access all internal links of the application without providing any credentials. This is an information exposure vulnerability. **Recommendations** For version 10/03/2023, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Astrotalks version 10/03/2023 **Description** The issue allows an authenticated local user to send a specially crafted SQL query to the `searchString` parameter, potentially retrieving all information stored in the database. **Recommendations** For version 10/03/2023, consider restricting access to the `searchString` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Astrotalks version 10/03/2023 **Description** The issue is related to improper privilege management, allowing a local user to access the application as an administrator without any provided credentials. This enables the attacker to perform administrative actions. **Recommendations** For version 10/03/2023, consider restricting access to administrative functions until a proper fix is applied, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HubBank version 1.0.2 **Description** The issue allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. This is a critical unrestricted file upload vulnerability. **Recommendations** For version 1.0.2, consider disabling the upload document fields functionality until a patch is available to prevent malicious PHP file uploads. Restrict access to the upload functionality to minimize the risk of exploitation. Avoid using the upload feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HubBank version 1.0.2 **Description** The issue is a Cross-site Scripting (XSS) vulnerability that allows an attacker to send a specially crafted JavaScript payload to registration and profile forms. This payload can be triggered when any authenticated user loads the page, resulting in a session takeover. **Recommendations** For version 1.0.2, consider disabling the registration and profile forms temporarily until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to these forms to minimize the risk of session takeover. Avoid using the vulnerable forms in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.