
Gabriele Zanoni

Researcher from Secure Network Srl
#21088 of 53,635
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2009-3504 · CVSS 4.3 · 2009-03-16
Dflabs · Dflabs Ptk · CVE-2009-0917
**Name of the Vulnerable Software and Affected Versions**
DFLabs PTK versions 1.0.0 through 1.0.4

**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents. These documents are rendered in web browsers during inspection by PTK. The vendor notes that the product is intended for use in a laboratory with no internet contact.

**Recommendations**
For DFLabs PTK versions 1.0.0 through 1.0.4, consider restricting the rendering of HTML documents from forensic images to minimize the risk of exploitation until a patch is available.

PT-2009-3505 · CVSS 7.5 · 2009-03-16
Apache · Apache Http Server · CVE-2009-0918
**Name of the Vulnerable Software and Affected Versions**
DFLabs PTK versions 1.0.0 through 1.0.4

**Description**
The issue allows remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server. This can be achieved via `external tools` or a crafted forensic image.

**Recommendations**
For versions 1.0.0 through 1.0.4, update to a version that contains a fix for this issue.