Kushkira

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A vulnerability exists in Newgen OmniDocs that allows information disclosure. The issue is located in the file '/omnidocs/GetWebApiConfiguration' and involves manipulation of the `connectionDetails` argument. This is a remote attack with high complexity, but exploitation is considered difficult. The exploit is publicly available. Recommendations Update to a version beyond 12.0.00

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A security flaw exists in Newgen OmniDocs up to version 12.0.00. The issue involves improper control of resource identifiers due to manipulation of the `DocumentId` argument within the /omnidocs/WebApiRequestRedirection file. This can be exploited remotely. The exploit has been publicly released. Recommendations Update to a version beyond 12.0.00.

Name of the Vulnerable Software and Affected Versions: Freshwork versions up to 1.2.3 Description: A vulnerability exists in Freshwork that allows for open redirection. Manipulation of the `post logout redirect uri` argument in the `/api/v2/logout` file can be exploited remotely. The exploit has been publicly disclosed. Recommendations: Upgrade to version 1.2.3 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Eastnets PaymentSafe version 2.5.26.0 **Description** A problem has been found in Eastnets PaymentSafe, affecting some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider restricting access to the /Default.aspx file of the URL Handler component until a patch is available. Avoid using the vulnerable functionality of the URL Handler component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Eastnets PaymentSafe version 2.5.26.0 Description: A vulnerability was found in the BIC Search component of Eastnets PaymentSafe, which has been classified as problematic. The manipulation leads to cross-site scripting and can be initiated remotely. The vendor was contacted about this disclosure but did not respond. Recommendations: For Eastnets PaymentSafe version 2.5.26.0, as a temporary workaround, consider restricting access to the BIC Search component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Umbraco CMS versions prior to 10.8.8 Umbraco CMS versions prior to 13.5.3 Umbraco CMS versions prior to 14.3.2 Umbraco CMS versions prior to 15.1.2 **Description** A vulnerability was found in Umbraco CMS, classified as problematic. The issue affects an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument `culture` leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Authenticated users are able to exploit this XSS vulnerability when viewing previewed content. **Recommendations** Upgrade to version 10.8.8 to address this issue. Upgrade to version 13.5.3 to address this issue. Upgrade to version 14.3.2 to address this issue. Upgrade to version 15.1.2 to address this issue. As a temporary workaround, consider restricting access to the /Umbraco/preview/frame?id{} endpoint until a patch is available. Avoid using the `culture` argument in the affected API endpoint until the issue is resolved.