Edwin Molenaar

Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533 Description: A cross-site scripting (XSS) issue exists in the dataset upload functionality. A specially crafted HTTP request can lead to arbitrary HTML code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. Recommendations: For ClearML Enterprise Server version 3.22.5-1533, consider disabling the dataset upload functionality until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the dataset upload feature to minimize the risk of arbitrary HTML code injection. Avoid using the vulnerable dataset upload functionality in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533 Description: An information disclosure issue exists in the Vault API functionality. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this issue. Recommendations: For ClearML Enterprise Server version 3.22.5-1533, consider disabling the Vault API functionality until a patch is available to prevent potential information disclosure. Restrict access to the Vault API to minimize the risk of exploitation. Avoid using the Vault API for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GoCast version 1.1.3 **Description** An OS command injection issue exists in the NAT parameter of GoCast. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this issue. **Recommendations** For GoCast version 1.1.3, consider restricting access to the NAT parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the NAT parameter in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GoCast version 1.1.3 **Description** An OS command injection issue exists in the `name` parameter of GoCast, allowing arbitrary command execution via a specially crafted HTTP request. This can be triggered by an unauthenticated HTTP request. **Recommendations** For GoCast version 1.1.3, consider restricting access to the `name` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoCast version 1.1.3 **Description** A lack of authentication issue exists in the HTTP API functionality, allowing a specially crafted HTTP request to lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this issue. **Recommendations** For GoCast version 1.1.3, as a temporary workaround, consider restricting access to the HTTP API functionality until a patch is available. Avoid making unauthenticated HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** XYZScripts Contact Form Manager Plugin (affected versions not specified) **Description** A vulnerability was found in the XYZScripts Contact Form Manager Plugin, which has been declared as problematic. The manipulation of an unknown functionality leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XYZScripts Contact Form Manager Plugin (affected versions not specified) **Description** A problematic issue was found in the XYZScripts Contact Form Manager Plugin, affecting some unknown functionality. This issue leads to basic cross site scripting, which can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.