Kaan Gumus

**Name of the Vulnerable Software and Affected Versions** TE Informatics V5 versions before 6.2 **Description** The issue is related to Improper Neutralization of Script-Related HTML Tags in a Web Page, which allows Reflected XSS. This can be exploited to execute malicious scripts on the victim's browser. **Recommendations** For TE Informatics V5 versions before 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web page or disabling the execution of script-related HTML tags until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Digital Ant E-Commerce Software versions prior to 11 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions prior to 11, update to version 11 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Digital Ant E-Commerce Software versions prior to 11 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. **Recommendations** For versions prior to 11, update to version 11 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable API endpoints until the issue is resolved.