
Jc175

#19416 of 53,624
13.6 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2022-23857
7.5
2022-08-28
Hirevue · Hirevue Hiring Platform · CVE-2022-37177
**Name of the Vulnerable Software and Affected Versions**
HireVue Hiring Platform version V1.0

**Description**
The issue concerns the use of a broken or risky cryptographic algorithm. However, this is disputed by the vendor due to inconsistencies with CVE ID assignment rules for cloud services and the non-existence of a product with version V1.0. The vendor has removed the rail-fence cipher and now uses TLS 1.2 for encryption.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-21100
6.1
2022-07-15
Unknown · Arox School Erp Pro · CVE-2022-32118
**Name of the Vulnerable Software and Affected Versions**
Arox School ERP Pro version 1.0

**Description**
A cross-site scripting (XSS) issue was found in Arox School ERP Pro via the `dispatchcategory` parameter in backoffice.inc.php. This allows for potential malicious script execution.

**Recommendations**
For Arox School ERP Pro version 1.0, consider restricting access to the `dispatchcategory` parameter in backoffice.inc.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.