Evgeny Velikoivanenko

Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request to check whether a user exists in the system. This issue could be a basis for further attacks. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247, apply the patch from the vendor. Versions 6.4.0.24248 and later have the patch applied. As a temporary workaround, consider restricting access to the HTTP request functionality until the patch is applied.

Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. Recommendations: For versions 6.4.0.24126.2 through 6.4.0.24247, apply the patch from the vendor. Versions 6.4.0.24248 and later already have the patch applied.

Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue enables cross-site scripting attacks. Recommendations: For versions 6.4.0.24126.2 through 6.4.0.24247, apply the patch from the vendor. Versions 6.4.0.24248 and later have the patch applied.