Imaoka Ryo

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst 2940 Series Switches versions prior to 12.2(50)SY **Description** The issue exists due to inadequate protection of the web page structure, allowing for a reflected cross-site scripting attack. This can enable a remote attacker to execute an arbitrary script on the user's web browser. The affected devices have been retired since January 2015. **Recommendations** For versions prior to 12.2(50)SY, update to version 12.2(50)SY or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface of the Cisco Catalyst 2940 Series Switches to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ELECOM LAN router WRC-2533GHBK-I versions 1.20 and prior Description: A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Recommendations: For ELECOM LAN router WRC-2533GHBK-I versions 1.20 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELECOM LAN router WRC-2533GHBK-I versions 1.20 and prior Description: A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Recommendations: For ELECOM LAN router WRC-2533GHBK-I versions 1.20 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.