Kousuke Ebihara

Name of the Vulnerable Software and Affected Versions: opWebAPIPlugin versions 0.1.0 through 0.5.1 Description: The issue concerns XXE vulnerabilities. No further details are provided about the nature of the vulnerabilities, affected devices, or real-world incidents. Recommendations: For opWebAPIPlugin version 0.1.0, update to a version that addresses the XXE vulnerabilities. For opWebAPIPlugin version 0.4.0, update to a version that addresses the XXE vulnerabilities. For opWebAPIPlugin version 0.5.1, update to a version that addresses the XXE vulnerabilities.

Name of the Vulnerable Software and Affected Versions: OpenPNE 3 versions 3.0.8.5, 3.2.7.6, 3.4.21.1, 3.6.11, 3.8.7 Description: The issue is an External Entity Injection, which may allow unauthorized access to sensitive data. Recommendations: For OpenPNE 3 version 3.0.8.5, update to a version that contains a fix for this issue. For OpenPNE 3 version 3.2.7.6, update to a version that contains a fix for this issue. For OpenPNE 3 version 3.4.21.1, update to a version that contains a fix for this issue. For OpenPNE 3 version 3.6.11, update to a version that contains a fix for this issue. For OpenPNE 3 version 3.8.7, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Apache Shindig version 2.5.0 **Description** The issue allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs in the gadget renderer. **Recommendations** For Apache Shindig version 2.5.0, consider disabling the gadget renderer or restricting its use until a patch is available to prevent exploitation of the XXE issue.

**Name of the Vulnerable Software and Affected Versions** PHP OpenID Library version 2.2.2 and earlier **Description** The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. **Recommendations** For PHP OpenID Library version 2.2.2 and earlier, update to a version later than 2.2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OSQA versions prior to 1234 OSQA version 0.9.0 Beta 3 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted URI vectors. **Recommendations** For OSQA versions prior to 1234, update to version 1234 or later. For OSQA version 0.9.0 Beta 3 and earlier, update to a version later than 0.9.0 Beta 3.

**Name of the Vulnerable Software and Affected Versions** Redmine versions prior to 1.3.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue.