Kkc73

**Name of the Vulnerable Software and Affected Versions** ThingsBoard version 4.3.0.1 **Description** An authentication bypass exists during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the `user` parameter of the '/login/oauth2/code/' endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials, resulting in a complete account takeover. Over 14,000 devices were identified as potentially affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aureus ERP versions up to 1.3.0-BETA2 **Description** A flaw exists in Aureus ERP that could allow for cross site scripting. The issue is located in an unknown function within the file `plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php` of the Chatter Message Handler component. Manipulating the `subject` or `body` argument can trigger the issue, and the attack can be initiated remotely. **Recommendations** Upgrade to version 1.3.0-BETA1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Runtipi versions 4.5.0 through 4.7.1 **Description** Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal issue exists in the `UserConfigController`. This allows a remote user to overwrite the system's `docker-compose.yml` configuration file by exploiting insecure URN parsing. An attacker can replace the primary stack configuration with a malicious one, leading to full Remote Code Execution (RCE) and host filesystem compromise when the instance is restarted by the operator. The vulnerable component is the `UserConfigController`. The vulnerable file is `docker-compose.yml`. **Recommendations** Versions prior to 4.7.2 are affected. Update to version 4.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** Runtipi versions 3.7.0 through 4.6.9 **Description** Runtipi is a Docker-based, personal homeserver orchestrator. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server. This occurs because the BackupManager does not sanitize filenames of uploaded backups, leading to the persistence of user-uploaded files directly to the host filesystem using the original filename provided in the request. An attacker can stage a file containing shell metacharacters at a predictable path, which is then referenced during the restore process, allowing for command execution. The `BackupManager` is the component affected. The vulnerable operation involves the storage and restoration of backup files. **Recommendations** Update to version 4.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** FormCms version 0.5.4 **Description** An access control issue exists in FormCms version 0.5.4. An unauthenticated attacker can access historical schema data via the `/api/schemas/history/[schemaId]` API endpoint if a valid `schemaId` is known or guessed. **Recommendations** Apply a fix for FormCms version 0.5.4 to address the improper access control.

**Name of the Vulnerable Software and Affected Versions** openml/openml.org web application version v2.0.20241110 **Description** The web application exhibits a flaw where insufficient email ownership verification during email update workflows, combined with incremental user IDs, allows an authenticated attacker to update their email address to that of another user with a higher user ID without proper verification. This results in the victim’s email being reassigned to the attacker’s account, leading to immediate account lockout for the victim and preventing them from logging in. The issue causes a denial of service through account lockout and does not provide the attacker with direct access to the victim’s private data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartstore versions prior to 6.2.1 **Description** A race condition exists in the Gift Voucher Handler component of Smartstore. The issue is located in an unknown function within the `/checkout/confirm/` file. The attack can be initiated remotely and is considered difficult to exploit, with high complexity. The vendor was contacted regarding this issue but did not respond. **Recommendations** Update Smartstore to version 6.2.1 or later.

Name of the Vulnerable Software and Affected Versions: GrandNode versions prior to 2.3.0 Description: A flaw exists in GrandNode up to version 2.3.0 within the Voucher Handler component, specifically in the `/checkout/ConfirmOrder/` file. Manipulation of the `giftvouchercouponcode` argument can trigger a race condition. This issue is remotely exploitable but requires a high level of complexity and is considered difficult to exploit. The vendor was contacted regarding this disclosure but did not respond. Recommendations: Update to a version later than 2.3.0.

**Name of the Vulnerable Software and Affected Versions** FormCms version 0.5.5 **Description** FormCms version 0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload `.html` files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.