John Pettitt

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12 watchOS versions prior to 5 Safari versions prior to 12 iTunes for Windows versions prior to 12.9 iCloud for Windows versions prior to 7.7 **Description** A cross-origin issue existed with "iframe" elements. This issue was addressed with improved tracking of security origins. **Recommendations** For iOS versions prior to 12, update to version 12 or later. For watchOS versions prior to 5, update to version 5 or later. For Safari versions prior to 12, update to version 12 or later. For iTunes for Windows versions prior to 12.9, update to version 12.9 or later. For iCloud for Windows versions prior to 7.7, update to version 7.7 or later.

**Name of the Vulnerable Software and Affected Versions** Simplenews Statistics versions prior to 6.x-2.0 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 6.x-2.0, update to version 6.x-2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Simplenews Statistics versions prior to 6.x-2.0 **Description** The issue allows remote attackers to hijack the authentication of arbitrary users via unknown vectors due to multiple cross-site request forgery (CSRF) vulnerabilities. **Recommendations** For versions prior to 6.x-2.0, update to version 6.x-2.0 or later to resolve the issue.