Fs

**Name of the Vulnerable Software and Affected Versions** EpiCentro version E 7.3.2 and later **Description** The issue allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication. This can be achieved by sending a malicious request to the `httpd` endpoint. **Recommendations** For EpiCentro version E 7.3.2 and later, consider restricting access to the `httpd` service until a patch is available, and ensure that all GET requests include a leading "/" to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** EpiCentro version E 7.3.2 and later **Description** The issue allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL. **Recommendations** For EpiCentro version E 7.3.2 and later, consider restricting access to the httpd service until a patch is available. As a temporary workaround, avoid using URLs with a leading "/" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Epicentro versions 7.3.2 and later **Description** The issue concerns code injection in the "/ui/login" form, specifically through the `Language` parameter, allowing attackers to execute JavaScript code. This is achieved by manipulating a user into issuing a POST request to the vulnerable endpoint. **Recommendations** For Epicentro versions 7.3.2 and later, as a temporary workaround, consider restricting access to the "/ui/login" form or disabling the `Language` parameter until a patch is available. Avoid using the `Language` parameter in the affected API endpoint until the issue is resolved.