Julien Cayssol

**Name of the Vulnerable Software and Affected Versions** Hastymail2 versions prior to 1.01 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element. This is related to the improper use of the htmLawed filter. **Recommendations** For versions prior to 1.01, update to version 1.01 or later to resolve the issue. As a temporary workaround, consider restricting the use of the background attribute within TABLE elements to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Centreon versions 1.4.2.3 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `img` parameter of the include/doc/get image.php file. **Recommendations** For Centreon versions 1.4.2.3 and earlier, consider restricting access to the include/doc/get image.php file until a fix is available. As a temporary workaround, avoid using the `img` parameter in the affected file to minimize the risk of exploitation.