Jansen Moreira

**Name of the Vulnerable Software and Affected Versions** openPetra version 2023.02 **Description** The issue allows a remote attacker to obtain sensitive information via the "serverMFinDev.asmx" function. This is a Cross Site Scripting vulnerability. **Recommendations** For openPetra version 2023.02, consider restricting access to the "serverMFinDev.asmx" function until a patch is available. As a temporary workaround, avoid using the function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openPetra version 2023.02 **Description** The issue allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. This is a Cross Site Scripting vulnerability. **Recommendations** For openPetra version 2023.02, consider disabling access to the serverMServerAdmin.asmx function until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openPetra version 2023.02 **Description** The issue allows a remote attacker to obtain sensitive information. It is related to a Cross Site Scripting vulnerability via the `serverMReporting.asmx` function. **Recommendations** For openPetra version 2023.02, consider restricting access to the `serverMReporting.asmx` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openPetra version 2023.02 **Description** A Cross Site Scripting (XSS) issue allows a remote attacker to obtain sensitive information via the `serverMHospitality.asmx` function. This enables the attacker to access sensitive data. **Recommendations** For openPetra version 2023.02, as a temporary workaround, consider disabling the `serverMHospitality.asmx` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openPetra version 2023.02 **Description** A Cross Site Scripting (XSS) issue allows a remote attacker to obtain sensitive information. The attacker can exploit this via the "serverMPersonnel.asmx" function. **Recommendations** For openPetra version 2023.02, as a temporary workaround, consider restricting access to the "serverMPersonnel.asmx" function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openPetra version 2023.02 **Description** A Cross Site Scripting (XSS) issue is present in the software, allowing a remote attacker to obtain sensitive information. The `serverMConference.asmx` function is affected. **Recommendations** For openPetra version 2023.02, consider disabling the `serverMConference.asmx` function until a patch is available to prevent potential exploitation.