Hunter85

Name of the Vulnerable Software and Affected Versions: Hive Support versions 1.2.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a Stored XSS vulnerability, which means that malicious scripts are stored on the server and executed when a user accesses the affected web page. This allows attackers to inject malicious code into the web application, potentially leading to unauthorized access or data theft. Recommendations: For versions 1.2.2 and earlier, update to a version that fixes the Stored XSS vulnerability. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available. Avoid using potentially vulnerable web page generation functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arni Cinco WPCargo Track & Trace versions n/a through 7.0.6 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 7.0.6, update to a version later than 7.0.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Smartarget versions prior to 1.4 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions on behalf of other users. Recommendations: For versions prior to 1.4, update to a version that includes the fix for this issue to prevent stored XSS attacks. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeBard Help Desk versions 1.1.2 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the web application, potentially leading to unauthorized access or control. **Recommendations** For CodeBard Help Desk versions 1.1.2 and earlier, update to a version that addresses the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeBard Help Desk versions prior to 1.1.2 **Description** The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This means an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions prior to 1.1.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the help desk to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CubeWP Forms – All-in-One Form Builder versions 1.1.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can lead to unauthorized access due to the lack of proper security measures in place. **Recommendations** For versions 1.1.5 and earlier, update to a version later than 1.1.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeBard Help Desk versions n/a through 1.1.1 **Description** A Cross-Site Request Forgery (CSRF) issue exists in CodeBard Help Desk, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by tricking a user into performing an unintended action, potentially leading to security breaches. **Recommendations** For CodeBard Help Desk versions n/a through 1.1.1, consider implementing CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Hive Support – WordPress Help Desk versions 1.1.2 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized requests. This can lead to various security problems, as an attacker could potentially perform actions on behalf of a legitimate user without their knowledge or consent. Recommendations: For versions 1.1.2 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ICDSoft Reseller Store versions through 2.4.5 Description: The issue affects ICDSoft Reseller Store, allowing Reflected XSS due to improper neutralization of input during web page generation. This is a type of Cross-site Scripting vulnerability. Recommendations: For versions through 2.4.5, update to a version later than 2.4.5 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WordPress HelpDesk & Support Ticket System Plugin – Octrace Support versions 1.2.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versions 1.2.7 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Reflected XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kraft Plugins Wheel of Life versions 1.1.8 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This enables remote attacks due to the lack of authorization in Kraft Plugins Wheel of Life. **Recommendations** For versions 1.1.8 and earlier, upgrade to a newer version to patch this issue and harden security posture. As a temporary workaround, consider restricting access to the vulnerable plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CubeWP Forms – All-in-One Form Builder versions n/a through 1.1.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 1.1.1, update to a version that fixes the Stored XSS issue to prevent exploitation. As a temporary workaround, consider restricting input to prevent malicious code injection until a patch is available. Avoid using the vulnerable CubeWP Forms – All-in-One Form Builder until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WappPress versions through 6.0.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions through 6.0.4, update to a version later than 6.0.4 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.