Gozan10

**Name of the Vulnerable Software and Affected Versions** Ververica Platform version 2.14.0 **Description** The issue is a Reflected XSS vulnerability. It can be exploited via a "namespaces/default/formats" URI. **Recommendations** For Ververica Platform version 2.14.0, consider restricting access to the "namespaces/default/formats" URI until a patch is available. As a temporary workaround, avoid using the vulnerable URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ververica Platform version 2.14.0 **Description** The issue allows low-privileged users to access SQL connectors via a direct "namespaces/default/formats" request. **Recommendations** For Ververica Platform version 2.14.0, consider restricting access to the "namespaces/default/formats" endpoint to prevent low-privileged users from accessing SQL connectors until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** The issue allows attackers to execute arbitrary code via the Name field in the device-roles/add function, which is a Cross Site Scripting (XSS) vulnerability. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Netbox version 3.5.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the device-roles/add function to minimize the risk of exploitation. Avoid using the Name field in the device-roles/add function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WBCE CMS version 1.5.4 **Description** A cross-site scripting (XSS) issue in the Search Settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. **Recommendations** For WBCE CMS version 1.5.4, consider disabling the Search Settings module until a patch is available. Restrict access to the Results Footer field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WBCE CMS version 1.5.4 **Description** A cross-site scripting (XSS) issue in the Modify Page module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Source` field. **Recommendations** For WBCE CMS version 1.5.4, consider disabling the Modify Page module until a patch is available to prevent exploitation of the XSS issue. Restrict access to the Source field in the Modify Page module to minimize the risk of arbitrary script execution.

**Name of the Vulnerable Software and Affected Versions** WBCE CMS version 1.5.4 **Description** A cross-site scripting (XSS) issue in the Overview Page settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Post Loop` field. This enables the execution of malicious code on the client-side. **Recommendations** For WBCE CMS version 1.5.4, as a temporary workaround, consider restricting access to the Overview Page settings module until a patch is available. Avoid using the `Post Loop` field in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WBCE CMS version 1.5.4 **Description** A cross-site scripting (XSS) issue in the Search Settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Footer` field. **Recommendations** For WBCE CMS version 1.5.4, consider disabling the Search Settings module until a patch is available. Restrict access to the Footer field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WBCE CMS version 1.5.4 **Description** A cross-site scripting (XSS) issue in the Show Advanced Option module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Section Header` field. **Recommendations** For WBCE CMS version 1.5.4, consider disabling the Show Advanced Option module until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Section Header field to minimize the risk of malicious payload injection.

**Name of the Vulnerable Software and Affected Versions** WBCE CMS version 1.5.4 **Description** A cross-site scripting (XSS) issue in the Search Settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. **Recommendations** For WBCE CMS version 1.5.4, update to a version that fixes this issue, as using a crafted payload in the Results Header field can lead to the execution of arbitrary web scripts or HTML.