Huriye Özdemir

**Name of the Vulnerable Software and Affected Versions** Vagrant VMWare Utility version 1.0.23 and earlier **Description** The Vagrant VMWare Utility Windows installer has a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. **Recommendations** For versions prior to 1.0.23, update to Vagrant VMWare Utility version 1.0.23 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire version 4.4.1 **Description** The issue allows for XSS via the `serverURL` parameter in the "setup/setup-datasource-standard.jsp" API endpoint. This was fixed in a later version. **Recommendations** For Ignite Realtime Openfire version 4.4.1, update to version 4.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the "setup/setup-datasource-standard.jsp" endpoint to minimize the risk of exploitation. Avoid using the `serverURL` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire version 4.4.1 **Description** The issue allows for cross-site scripting (XSS) attacks via the "setup/setup-datasource-standard.jsp" endpoint, specifically through the `username` parameter. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the page. The issue was fixed in a later version. **Recommendations** For Ignite Realtime Openfire version 4.4.1, update to version 4.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the "setup/setup-datasource-standard.jsp" endpoint or avoiding the use of the `username` parameter in this context until the update can be applied.