Hesham Mahmoud

**Name of the Vulnerable Software and Affected Versions** IBM Maximo Asset Management version 7.6.1.3 **Description** This issue allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. The vulnerability can lead to unauthorized access and user impersonation. **Recommendations** For IBM Maximo Asset Management version 7.6.1.3, upgrade the affected component immediately to resolve the issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst SD-WAN Manager (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an authenticated, remote attacker to inject HTML content. This issue is due to improper validation of user-supplied data in element fields. An attacker could exploit this by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.