Hagai Wechsler

**Name of the Vulnerable Software and Affected Versions** Mattermost Boards plugin versions 0.10.0 and earlier **Description** The issue allows an attacker to reuse an old session token for authorization because the session is not properly invalidated on the server-side when a user logs out of Boards. **Recommendations** For Mattermost Boards plugin versions 0.10.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Ofbiz versions v17.12.01 through v17.12.07 **Description** The issue in Apache Ofbiz involves the implementation of a try-catch exception to handle errors at multiple locations, which results in leaking sensitive table information. This could aid an attacker in further reconnaissance. A user can register with a very long password, but attempting to log in with it causes an exception to occur. **Recommendations** For Apache Ofbiz versions v17.12.01 through v17.12.07, consider restricting the length of passwords to prevent exceptions that could leak sensitive information. As a temporary workaround, consider disabling the registration feature with very long passwords until a patch is available. Restrict access to sensitive table information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dolibarr versions 2.8.1 through 13.0.2 **Description** The issue allows a low privileged attacker to take over accounts via the password reset functionality. This is achieved by exploiting the password reset link sent to users via email when they request a forgotten password. **Recommendations** For versions 2.8.1 through 13.0.2, consider disabling the password reset functionality until a patch is available to prevent account takeover. Restrict access to the password reset link to minimize the risk of exploitation. Avoid using the password reset feature in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP CRM versions 2.8.1 through 13.0.2 **Description** The issue is related to a stored XSS vulnerability in the WYSIWYG Editor module. This vulnerability allows low-privileged application users to store malicious scripts in the `Private Note` field at the "/adherents/note.php?id=1" endpoint. When a victim opens the page containing the vulnerable field, the scripts are executed in their browser. In the worst-case scenario, the victim could be a highly privileged administrator, and the injected scripts can extract the Session ID, leading to full account takeover. Additionally, due to another vulnerability (Improper Access Control on Private notes), a low-privileged user can update private notes, which could lead to privilege escalation. **Recommendations** For versions 2.8.1 through 13.0.2, as a temporary workaround, consider disabling the WYSIWYG Editor module until a patch is available. Restrict access to the "/adherents/note.php?id=1" endpoint to minimize the risk of exploitation. Avoid using the `Private Note` field in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr versions 2.8.1 through 13.0.4 **Description** The issue is related to inadequate access control in the Dolibarr application, allowing a low-privileged attacker to modify the Private Note, which is only supposed to be accessible by administrators. The affected field is located at the "/adherents/note.php?id=1" endpoint. This could potentially impact the integrity of protected information. **Recommendations** For versions 2.8.1 through 13.0.4, consider restricting access to the "/adherents/note.php?id=1" endpoint to prevent unauthorized modification of the Private Note. As a temporary workaround, consider disabling the modification of Private Notes for low-privileged users until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.27 **Description** An issue was discovered in the imagelist view of com media, where inadequate escaping leads to a XSS vulnerability. **Recommendations** For versions 3.0.0 through 3.9.27, update to a version that includes the fix for the inadequate escaping issue in the imagelist view of com media to prevent XSS attacks.