Adminer · Adminer · CVE-2026-25892
**Name of the Vulnerable Software and Affected Versions**
Adminer versions prior to 5.4.2
**Description**
Adminer is database management software. Versions 5.4.1 and earlier have a flawed version check process. The `adminer.org` domain sends signed version information via JavaScript postMessage, which the browser then sends to the `?script=version` endpoint. This endpoint does not validate the origin of the POST request, allowing attackers to send a crafted `version[]` parameter. PHP interprets this parameter as an array, which causes a TypeError when it is passed to the `openssl_verify()` function, resulting in an HTTP 500 error for all users.
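The type confusion described above can be stopped at the point where the posted data is accepted. The following PHP sketch is an added example, not Adminer's code or its 5.4.2 fix; the function name `accept_version_post`, the `signature` field, the base64 encoding, the size limits and the throwaway RSA key are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Adminer's code): accept posted version data only if
// every field is a string and the signature verifies against the public key.
function accept_version_post(array $post, $publicKey): ?string
{
    $version = $post['version'] ?? null;
    $signature = $post['signature'] ?? null; // field name is an assumption

    // "version[]=x" makes PHP deliver an array here; reject it before any
    // string-typed function such as openssl_verify() can throw a TypeError.
    if (!is_string($version) || !is_string($signature)) {
        return null;
    }
    // Bound the sizes so oversized input is never verified or stored.
    if ($version === '' || strlen($version) > 32 || strlen($signature) > 1024) {
        return null;
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $rawSignature = base64_decode($signature, true);
    if ($rawSignature === false) {
        return null;
    }
    // openssl_verify() returns 1 only for a valid signature (0, -1 or false otherwise).
    if (openssl_verify($version, $rawSignature, $publicKey, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    return $version;
}

// Constructed demo data: a throwaway key pair stands in for the publisher's key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicKey = openssl_pkey_get_details($key)['key'];
openssl_sign('5.4.2', $sig, $key, OPENSSL_ALGO_SHA256);

$cases = [
    'signed string' => ['version' => '5.4.2', 'signature' => base64_encode($sig)],
    'array value'   => ['version' => ['x'], 'signature' => base64_encode($sig)],
    'bad signature' => ['version' => '9.9.9', 'signature' => base64_encode($sig)],
];
foreach ($cases as $name => $post) {
    // Only the correctly signed string is returned; the other cases yield NULL.
    var_dump($name, accept_version_post($post, $publicKey));
}
```

Verifying at write time means a rejected value is never persisted, so a later page load has nothing malformed to pass to `openssl_verify()`.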
**Recommendations**
Upgrade to Adminer version 5.4.2.