John Mazzitelli

Rank: #26625 of 53,639
Total CVSS: 9.6
Vulnerabilities: 2
Medium: 2

PT-2023-13986 · CVSS 5.3 · 2023-10-05
Red Hat · OpenShift · CVE-2022-4145

**Name of the Vulnerable Software and Affected Versions**
OpenShift (affected versions not specified)

**Description**
A content spoofing flaw was found in OpenShift's OAuth endpoint, allowing a remote, unauthenticated attacker to inject text into a webpage. This enables the obfuscation of a phishing operation.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2023-13726 · CVSS 4.3 · 2023-09-23
Kiali · Kiali · CVE-2022-3962

**Name of the Vulnerable Software and Affected Versions**
Kiali (affected versions not specified)

**Description**
A content spoofing issue was found in Kiali, where it does not implement error handling when the page or endpoint being accessed cannot be found. This allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.