Engin Aydoğan

**Name of the Vulnerable Software and Affected Versions** File Station versions prior to 5.5.6.5243 **Description** An incorrect authorization issue allows a remote attacker with a user account to bypass intended access restrictions. **Recommendations** Update to version 5.5.6.5243 or later.

**Name of the Vulnerable Software and Affected Versions** Signum Technology Promotion and Training Inc. Windesk.Fm versions through 27022026 **Description** An issue exists in Windesk.Fm that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. The vulnerability could potentially allow an attacker to inject malicious SQL code, potentially gaining unauthorized access to the database or manipulating data. **Recommendations** Versions prior to 27022026 should be updated.

**Name of the Vulnerable Software and Affected Versions** TalentSoft e-BAP Automation versions prior to 42957 **Description** An Improper Neutralization of Input During Web Page Generation issue, specifically a Reflected Cross-site Scripting (XSS) condition, exists in TalentSoft e-BAP Automation. This allows for the execution of malicious scripts through crafted input. The issue impacts the application's handling of user-supplied data during web page generation. **Recommendations** Update TalentSoft e-BAP Automation to version 42957 or later.

**Name of the Vulnerable Software and Affected Versions** TalentSoft UNIS versions prior to 42957 **Description** The software contains a Reflected Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web pages. **Recommendations** Update TalentSoft UNIS to version 42957 or later.

**Name of the Vulnerable Software and Affected Versions** Aryom Software High Technology Systems Inc. KVKNET versions prior to 2.1.8 **Description** The software contains a flaw related to improper input handling during web page generation, potentially leading to Reflected Cross-site Scripting (XSS). This allows for the execution of malicious scripts within the context of a user's browser. The affected component is susceptible to exploitation through crafted web requests. **Recommendations** Update to version 2.1.8 or later.

**Name of the Vulnerable Software and Affected Versions** File Station 5 versions prior to 5.5.6.5018 **Description** A cross-site scripting (XSS) issue exists in File Station 5. If an attacker obtains a user account, they may be able to bypass security features or access application data. **Recommendations** Update to File Station 5 version 5.5.6.5018 or later.

**Name of the Vulnerable Software and Affected Versions** Workcube ERP versions V12 through V14 through 20250916 **Description** Workcube ERP is susceptible to a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Workcube ERP versions V12 through V14 through 20250916: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ADM versions 4.1.0 through 4.3.3.RH61 ADM version 5.0.0.RIN1 and earlier **Description** An improper access control vulnerability exists in the EZ Sync Manager of ADM. Authenticated users can copy arbitrary files from the server file system into their EZSync folder due to a lack of authorization checks on the file parameter of the HTTP request. This allows attackers to access files outside their authorized scope, potentially leading to unauthorized exposure of sensitive data, provided the file has readable permissions for other users on the underlying OS. **Recommendations** ADM versions prior to 4.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. ADM versions 4.1.0 through 4.3.3.RH61: At the moment, there is no information about a newer version that contains a fix for this vulnerability. ADM version 5.0.0.RIN1 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** ADM versions 4.1.0 through 4.3.3.RH61 ADM version 5.0.0.RIN1 and earlier Text Editor version 1.0.0.r112 and earlier **Description:** A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, potentially gaining access to cookies or other sensitive information retained by the browser and used with the affected applications. **Recommendations:** Update ADM to a version later than 4.3.3.RH61. Update ADM to a version later than 5.0.0.RIN1. Update Text Editor to a version later than 1.0.0.r112.

**Name of the Vulnerable Software and Affected Versions:** ADM versions 4.1.0 through 4.3.3.RH61 ADM version 5.0.0.RIN1 and earlier **Description:** A stored Cross-Site Scripting (XSS) issue exists in the Access Control of ADM. The vulnerability allows an attacker to inject malicious scripts into the folder name field when creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is displayed in the user interface. This allows attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive data. **Recommendations:** Update ADM to a version later than 5.0.0.RIN1. Update ADM to a version later than 4.3.3.RH61.