Devesh Logendran

**Name of the Vulnerable Software and Affected Versions** Calibre versions prior to 7.15.0 **Description** The issue is related to unsanitized user-input, allowing attackers to perform reflected cross-site scripting. **Recommendations** For Calibre versions prior to 7.15.0, update to version 7.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Calibre versions prior to 7.15.0 **Description** The issue concerns unsanitized user-input, allowing users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. **Recommendations** For Calibre versions prior to 7.15.0, update to version 7.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebAccess/SCADA version 8.3 **Description** An improper authentication issue exists, potentially allowing an authentication bypass. This could enable an attacker to upload malicious data. **Recommendations** For version 8.3, update to a version that addresses the improper authentication issue to prevent potential authentication bypass and malicious data uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ANTlabs InnGate firmware versions on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ppli` parameter when https is used. **Recommendations** For ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, consider restricting access to the `ppli` parameter in the https endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ANTlabs InnGate firmware versions on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the `msg` parameter in the index-login.ant file. **Recommendations** For all affected versions, consider restricting access to the index-login.ant file until a patch is available. As a temporary workaround, avoid using the `msg` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.