Kang Bong Goo

**Name of the Vulnerable Software and Affected Versions** MONITORAPP WAF (affected versions not specified) **Description** A Reflected Cross-Site Scripting (XSS) issue exists where script can be executed when responding to Request URL information. This occurs because the system provides a function to respond to Request URL information when blocking, allowing for potential script execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DEXT5 Editor versions through 3.5.1402961 **Description** The issue allows an attacker to download arbitrary files. This is achieved by exploiting the `savefilepath` field in the `handler/upload handler.jsp` file. **Recommendations** For versions through 3.5.1402961, restrict access to the `handler/upload handler.jsp` file to minimize the risk of exploitation. Avoid using the `savefilepath` field in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DEXT5 versions through 2.7.1402870 **Description** A remote code execution issue exists due to a vulnerability in DEXT5Upload. This allows an attacker to upload a PHP file via the "dext5handler.jsp" handler, as the uploaded file is stored under "dext5uploadeddata/". **Recommendations** For versions through 2.7.1402870, consider restricting access to the "dext5handler.jsp" handler to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict the execution of PHP files in the "dext5uploadeddata/" directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.