Jayateertha Guruprasad

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An inappropriate implementation in the Passwords component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin, by using a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine Endpoint Central versions prior to 11.3.2406.08 Zohocorp ManageEngine Endpoint Central versions prior to 11.3.2400.15 **Description** The issue is related to an incorrect authorization vulnerability when isolating devices in Zohocorp ManageEngine Endpoint Central. **Recommendations** For versions prior to 11.3.2406.08, update to version 11.3.2406.08 or later. For versions prior to 11.3.2400.15, update to version 11.3.2400.15 or later. As a temporary workaround, consider restricting access to the device isolation feature until a patch is available.

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14.8.20 Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14.8.20 Zoho ManageEngine SupportCenter Plus versions prior to 14.8.20 Zoho ManageEngine Endpoint Central versions prior to 11.3.2416.04 and prior to 11.3.2400.25 Description: The issue is related to a stored cross-site scripting vulnerability due to authorization mechanism weaknesses. This can allow a remote attacker to conduct an XSS attack. Recommendations: For Zoho ManageEngine ServiceDesk Plus versions prior to 14.8.20, update to version 14.8.20 or later to resolve the issue. For Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14.8.20, update to version 14.8.20 or later to resolve the issue. For Zoho ManageEngine SupportCenter Plus versions prior to 14.8.20, update to version 14.8.20 or later to resolve the issue. For Zoho ManageEngine Endpoint Central versions prior to 11.3.2416.04 and prior to 11.3.2400.25, update to version 11.3.2416.04 or version 11.3.2400.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 107 **Description** The issue is related to the handling of HTML file downloads. If the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension. This could lead to possible system compromise if the downloaded file was later executed. The vulnerability is also associated with a lack of restrictions on file uploads, which could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 107, update to version 107 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the 'Save As' feature for HTML files until a patch is applied. Restrict access to downloaded files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** express-xss-sanitizer versions prior to 1.1.3 **Description** The issue allows attackers to bypass xss sanitization due to Prototype Pollution via the `allowedTags` attribute. This enables the attacker to exploit the vulnerability, potentially leading to security breaches. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `allowedTags` attribute until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** x-assign versions all **Description** The issue affects the global proto object, which can be polluted using the ` proto ` object. This allows for potential manipulation of the object's properties. **Recommendations** For all versions, consider restricting access to the ` proto ` object as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** @cookiex/deep versions prior to 0.0.7 **Description** The issue allows pollution of the global proto object using the proto object. This can potentially lead to unintended behavior or security issues in applications that use the @cookiex/deep package. **Recommendations** For versions prior to 0.0.7, update to version 0.0.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the proto object in your application to minimize the risk of exploitation.