Ilovepepperoni

**Name of the Vulnerable Software and Affected Versions** InnoShop versions 0.3.8 and below **Description** The issue concerns Cross Site Scripting (XSS) via SVG file upload. This means an attacker could potentially inject malicious scripts into the system by uploading specially crafted SVG files, leading to the execution of unauthorized code on the client-side. **Recommendations** For InnoShop versions 0.3.8 and below, consider disabling SVG file uploads until a patch is available to prevent potential Cross Site Scripting (XSS) attacks. Restrict access to the file upload feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ever Traduora versions 0.20.0 and below **Description** The issue is related to the use of a hard-coded JWT signing key, which allows for privilege escalation. This means that an attacker could potentially gain higher privileges than intended, compromising the security of the system. **Recommendations** For Ever Traduora versions 0.20.0 and below, consider disabling the use of JWT signing keys until a patch is available. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0 Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python reverse shell payloads to achieve Remote Command Execution (RCE). The vulnerability occurs because PyMOL treats .PYM files as Python scripts without proper validation or restriction of the commands within the script, allowing attackers to run unauthorized commands in the context of the user running the application. Recommendations: For PyMOL version 2.5.0, consider disabling the "Run Script" function until a patch is available to prevent the execution of arbitrary Python code. Restrict access to .PYM files to minimize the risk of exploitation. Avoid using .PYM files that contain potentially malicious Python code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.