Ivan

**Name of the Vulnerable Software and Affected Versions** Drupal JSON Field versions prior to 1.5 **Description** A flaw exists in Drupal JSON Field that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Drupal JSON Field to version 1.5 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 8.4.x before 8.4.5 **Description** The issue allows users with permission to post comments to view content and comments they do not have access to, and also to add comments to this content. This is mitigated by the requirement that the comment system must be enabled and the attacker must have permission to post comments. **Recommendations** For Drupal versions 8.4.x before 8.4.5, update to version 8.4.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** alchemist.vim (affected versions not specified) **Description** The issue concerns remote code execution in the alchemist-server bundled with Elixir's vim plugin, alchemist.vim. A malicious website can execute requests against an ephemeral port on localhost, which are then evaluated as Elixir code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.