Genesys · Genesys PureConnect Interaction Web Tools Chat Service · CVE-2022-37775
**Name of the Vulnerable Software and Affected Versions**
Genesys PureConnect Interaction Web Tools Chat Service versions prior to at least 26-September-2019
**Description**
The issue allows cross-site scripting (XSS) within the Printable Chat History via the `participant -> name` JSON POST parameter. This enables potential attackers to inject malicious scripts into the chat history, which could lead to unauthorized actions or data exposure.
**Recommendations**
For Genesys PureConnect Interaction Web Tools Chat Service versions prior to at least 26-September-2019, as a temporary workaround, consider restricting access to the Printable Chat History feature until a patch is available. Additionally, avoid using the `participant -> name` JSON POST parameter in the affected service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
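Where the service cannot be taken offline, a compensating control in front of it can validate the participant name on input and HTML-encode it wherever a history is rendered. The following is an added example, not Genesys code or a vendor fix; the request shape `{"participant": {"name": ...}}` and the helper names `checkChatRequest` and `renderHistoryLine` are assumptions made for illustration.

```javascript
// Added example: defensive handling of the participant name.
// Assumption: the chat request body looks like {"participant": {"name": "..."}};
// the real schema of the affected service is not given on the page.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element-content or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow-list for a display name: letters, digits, space, . _ ' - and 1 to 64 chars.
function isAcceptableName(name) {
  return typeof name === 'string' && /^[\p{L}\p{N} ._'-]{1,64}$/u.test(name);
}

// Gateway-side check (hypothetical helper): reject a JSON POST body whose
// participant.name is missing, not a string, or fails the allow-list.
function checkChatRequest(rawBody) {
  let body;
  try { body = JSON.parse(rawBody); } catch { return { ok: false, reason: 'invalid JSON' }; }
  const name = body && body.participant && body.participant.name;
  if (!isAcceptableName(name)) return { ok: false, reason: 'participant.name rejected' };
  return { ok: true, name };
}

// Render one line of a printable history with every dynamic field encoded,
// so a name that slipped past input checks is still displayed as text.
function renderHistoryLine(name, message) {
  return `<p><strong>${escapeHtml(name)}</strong>: ${escapeHtml(message)}</p>`;
}

// Constructed sample inputs (not captured traffic).
const benign = JSON.stringify({ participant: { name: "Ana O'Neil" } });
const hostile = JSON.stringify({ participant: { name: '<script>alert(1)</script>' } });

console.log(checkChatRequest(benign));
console.log(checkChatRequest(hostile));
console.log(renderHistoryLine('<script>alert(1)</script>', 'hello'));
```

Input validation alone is not sufficient here: the output encoding in `renderHistoryLine` is what keeps a stored name from being interpreted as markup when the history is printed.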