Ghufran Khan

Name of the Vulnerable Software and Affected Versions hcengineering Huly Platform version 0.7.382 Description A server-side request forgery condition exists in hcengineering Huly Platform version 0.7.382. The issue is located in an unknown part of the file server/front/src/index.ts within the Import Endpoint component. This manipulation can be exploited remotely. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions hcengineering Huly Platform version 0.7.382 Description A vulnerability exists in hcengineering Huly Platform version 0.7.382 related to the JWT Token Handler component, specifically within the file `foundations/core/packages/token/src/token.ts`. The issue involves the manipulation of the `SERVER SECRET` argument with a specific input `secret`, leading to the use of a hard-coded cryptographic key. This manipulation can be initiated remotely and is considered to have high complexity, but exploitation is difficult. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the JWT Token Handler component or the `token.ts` file until a patch is available.

Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A flaw exists in the OAuth Authorization Request Handler component that allows for open redirect attacks. Manipulation of the `redirect uri` argument can be exploited remotely. The exploit is publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability.

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A weakness exists in the Webhook URL Handler component that could allow for server-side request forgery (SSRF). This can be triggered remotely by manipulating the system. The vendor was contacted but did not respond. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A security flaw exists in the `dangerouslySetInnerHTML` function of Casdoor 2.356.0. Manipulation of the `formCss`/`formCssMobile`/`formSideHtml` argument can lead to cross-site scripting (XSS). This attack can be initiated remotely. The exploit has been publicly released. Recommendations Update to a newer version that contains a fix for this vulnerability.

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** mickasmt next-saas-stripe-starter version 1.0.0 **Description** A security issue exists in mickasmt next-saas-stripe-starter 1.0.0. The `generateUserStripe` function within the `actions/generate-user-stripe.ts` file of the Checkout Handler component is susceptible to business logic errors due to manipulation of the `priceId` argument. This issue can be initiated remotely. **Recommendations** As a temporary workaround, consider restricting the use of the `generateUserStripe` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mickasmt next-saas-stripe-starter version 1.0.0 **Description** A flaw exists in the `openCustomerPortal` function within the `actions/open-customer-portal.ts` file of the Stripe API component. This manipulation can lead to an authorization bypass. Remote exploitation is possible, but the complexity is high and exploitation is difficult. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mickasmt next-saas-stripe-starter version 1.0.0 **Description** An authorization issue exists due to improper authorization when manipulating the `userId`/`role` argument within the `updateUserrole` function in the file actions/update-user-role.ts. This allows for remote exploitation. The function `updateUserrole` is affected. **Recommendations** Address the improper authorization in the `updateUserrole` function of the actions/update-user-role.ts file.

**Name of the Vulnerable Software and Affected Versions** go2ismail Asp.Net-Core-Inventory-Order-Management-System versions prior to 9.20250118 **Description** A flaw exists in go2ismail Asp.Net-Core-Inventory-Order-Management-System. The issue resides in an unknown function within the Administrative Interface component. Successful exploitation allows for execution after redirection and can be initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Update go2ismail Asp.Net-Core-Inventory-Order-Management-System to a version later than 9.20250118.

Name of the Vulnerable Software and Affected Versions go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Description A flaw exists in go2ismail Free-CRM. This issue impacts an unknown part of the `/api/Security/` file within the Security API component, potentially leading to improper authorization. The attack can be carried out remotely, and a public exploit is available. The product utilizes a rolling release strategy, making specific version details for affected or updated releases unavailable. The vendor was contacted regarding this disclosure but did not respond. Recommendations Update to a version prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1.

**Name of the Vulnerable Software and Affected Versions** go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 **Description** A flaw exists in go2ismail Free-CRM’s Administrative Interface component that allows for code execution after redirection via remote manipulation. The vendor was notified of this issue but did not respond. The product uses a rolling release model, making specific version information for affected or updated releases unavailable. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** go2ismail Asp.Net-Core-Inventory-Order-Management-System versions prior to 9.20250118 **Description** A flaw exists in the software that allows for improper authorization through manipulation of an unknown functionality within the `/api/Security/` file of the Security API component. Remote exploitation is possible. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update to a version later than 9.20250118.