Hrvoje Filakovic

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** The issue allows a remote attacker, who is a publisher or admin, to obtain access to all records stored in the database and execute arbitrary SQL commands via Search, specifically through the `flt` parameter in the "StatisticsResults.aspx" page. **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the StatisticsResults.aspx page or disabling the `flt` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** A Reflected Cross-Site Scripting (XSS) issue exists via any metadata filter field, for example, when searching within Default.aspx using the `r` or `fo` parameter. This allows for malicious scripts to be reflected off the server, potentially leading to the execution of unwanted actions on the client-side. **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to metadata filter fields or disabling the search functionality within Default.aspx until the update can be applied. Avoid using the `r` or `fo` parameters in the Default.aspx search function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** The issue allows attackers to call restricted functions and perform unauthenticated uploads via the "Upload2.ashx" endpoint or access content uploaded by other users through "View.aspx" after using "Ajax.asmx/SaveGrantAccessList". **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Upload2.ashx" endpoint and limiting the use of "Ajax.asmx/SaveGrantAccessList" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** The issue involves multiple Stored Cross-Site Scripting (XSS) vulnerabilities in various components, including Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components, such as the Search Function, Comments, and Content Creation, until a patch is applied. Avoid using the affected features, including Batch editing tool, Related Media, Create new user, and Change Username, until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** The issue allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the `ON` cookie. A brute-force attack can calculate a value that provides permanent access. **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ON` cookie to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** The issue allows directory traversal to read arbitrary local files through the GetFile.aspx page. **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the GetFile.aspx page until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Planet eStream versions prior to 6.72.10.07 **Description** The issue discloses sensitive information related to the `ON` cookie, which can be found in the HTML source code for "Default.aspx" in certain situations, and the "WhoAmI" endpoint, which can lead to path disclosure. **Recommendations** For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "WhoAmI" endpoint and limiting the exposure of the `ON` cookie in the HTML source code for "Default.aspx" until a patch is applied.