Jianyang Song

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** Improper neutralization of special elements in output used by a downstream component in Copilot Chat allows an unauthorized attacker to disclose information over a network. This is an injection issue where the AI sidebar can be used to leak data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Machine Learning (affected versions not specified) **Description** Improper neutralization of input during web page generation in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. This issue is a form of cross-site scripting (XSS), which occurs when an application includes untrusted data in a web page without proper validation or encoding. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Cosmos DB (affected versions not specified) **Description** An issue exists in Azure Cosmos DB related to improper neutralization of input during web page generation, leading to a cross-site scripting condition. This allows an unauthorized attacker to perform spoofing over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.