Kevin Riva

**Name of the Vulnerable Software and Affected Versions** TestLink version 1.9.20 **Description** The issue is related to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function, it is possible to change the `tplan id` parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans, including administrative ones, and modify them even with minimal privileges. **Recommendations** For TestLink version 1.9.20, consider restricting access to the TestPlan editing section until a fix is available. As a temporary workaround, restrict the ability to modify the `tplan id` parameter to prevent unauthorized access to TestPlans. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TestLink versions prior to 1.9.20 **Description** The issue allows for Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. **Recommendations** For versions prior to 1.9.20, upgrade to the remediated version 1.9.20 Raijin to mitigate risks. As a temporary workaround, consider restricting the upload file functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Inpiazza Cloud WiFi versions prior to v4.2.17 **Description** The issue concerns the captive portal in Inpiazza Cloud WiFi, which does not enforce limits on the number of attempts for password recovery. This allows attackers to brute force valid user accounts, potentially gaining access to login credentials. **Recommendations** For Inpiazza Cloud WiFi versions prior to v4.2.17, update to version v4.2.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the password recovery feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Symphony version 7.3 **Description** The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking. **Recommendations** For IBM Spectrum Symphony version 7.3, consider disabling the HTTP header injection vulnerability by properly validating input by the HOST headers until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation.