Iamleandrooooo

**Name of the Vulnerable Software and Affected Versions** Frappe HR versions prior to 15.58.1 Frappe HR versions prior to 16.4.1 **Description** An authenticated user with a default role can access unauthorized information by exploiting a certain api endpoint in this open-source human resources management solution. **Recommendations** Update to version 15.58.1 Update to version 16.4.1

**Name of the Vulnerable Software and Affected Versions** InvoicePlane versions prior to 1.7.1 **Description** InvoicePlane is an open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) issue exists that allows an authenticated user with the necessary permissions to manage Invoice Groups to inject malicious JavaScript into the “Identifier Format” field. This injected script will execute when any user views the invoice list or the main dashboard. The vulnerable field is the `Identifier Format` field within Invoice Groups. **Recommendations** Update to version 1.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** InvoicePlane versions prior to 1.7.1 **Description** InvoicePlane is an open source application used for managing invoices, clients, and payments. A stored cross-site scripting (XSS) issue exists in the Sumex invoice view. An authenticated user with client and invoice management privileges can execute arbitrary JavaScript in the browser of any user viewing the invoice. This could potentially lead to session hijacking or data theft on behalf of the victim user. The vulnerable component is the Sumex invoice view. **Recommendations** Update to version 1.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Known versions prior to 1.6.3 Known version 1.6.2 **Description** A critical broken authentication issue exists in Known. The application reveals the password reset token within a hidden HTML input field on the password reset page. This allows an unauthenticated attacker to obtain the reset token for any user by querying the user's email, leading to full Account Takeover (ATO) without needing access to the victim's email inbox. The vulnerable page is accessible via a GET request using the victim’s email as a parameter. The sensitive token is embedded in an HTML input field with the name 'code'. The attacker can programmatically extract the token using a tool like curl. This allows the attacker to reset the victim's password and gain access to the account. This issue can lead to a total loss of Confidentiality, Integrity, and Availability, including the compromise of administrative accounts. **Recommendations** Update to version 1.6.3 or later to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Outsystems versions prior to 3.1.0 **Description** The issue arises because file extension and size validations are enforced solely on the client side in the Outsystems Multiple File Upload feature. This allows an attacker to intercept the upload request, modify the parameter, bypass extension restrictions, and upload arbitrary files. **Recommendations** For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider implementing server-side validation for file extensions and sizes to prevent unrestricted file uploads.