Haxpunk1337

**Name of the Vulnerable Software and Affected Versions** MicroStrategy Enterprise Manager version 2022 **Description** The issue allows authentication bypass by triggering a login failure and then entering a specific substring for directory traversal. This can be achieved by entering `Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd= any password &ConnMode=1&3054=Login`. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For MicroStrategy Enterprise Manager version 2022, consider disabling the login functionality until a patch is available. Restrict access to the login endpoint to minimize the risk of exploitation. Avoid using the `Uid` and `Pwd` parameters in the affected login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Survey Sparrow Enterprise Survey Software 2022 **Description** The issue is related to a Stored cross-site scripting (XSS) vulnerability. This vulnerability is located in the `Signup` parameter. **Recommendations** For Survey Sparrow Enterprise Survey Software 2022, consider restricting access to the `Signup` parameter until a fix is available. Avoid using the `Signup` parameter in a way that could allow malicious input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Survey Sparrow Enterprise Survey Software 2022 **Description** The issue is related to a Reflected cross-site scripting (XSS) vulnerability in the `test` parameter. This allows for potential malicious script injection and execution. **Recommendations** For Survey Sparrow Enterprise Survey Software 2022, as a temporary workaround, consider restricting access to the vulnerable `test` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MDaemon versions prior to 22.0.0 **Description** An Authenticated Reflected Cross-site scripting issue was discovered at the CC Parameter. This issue affects MDaemon and can be exploited when a user is authenticated. **Recommendations** For versions prior to 22.0.0, update to version 22.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CC Parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MDaemon versions prior to 22.0.0 **Description** An Authenticated Reflected Cross-site scripting issue was discovered at the `BCC` parameter. **Recommendations** For versions prior to 22.0.0, update to version 22.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `BCC` parameter to minimize the risk of exploitation.