L4Rm4Nd

**Name of the Vulnerable Software and Affected Versions** MiroTalk P2P versions before commit f535b35 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Name` parameter under the settings module. This enables attackers to potentially manipulate the application's behavior or steal user data. **Recommendations** For versions before commit f535b35, consider restricting access to the settings module until a patch is available. As a temporary workaround, avoid using the `Name` parameter in the settings module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nginx Proxy Manager versions prior to 2.9.17 **Description** The issue exists due to inadequate protection of the web page structure in the proxy manager. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability allows for XSS during item deletion. **Recommendations** For versions prior to 2.9.17, update to version 2.9.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the item deletion functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Papermerge versions prior to 1.5.2 **Description** Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `rename`, `tag`, `upload`, or `create folder` function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application, requiring no authentication to exploit XSS. Otherwise, authentication is required. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider disabling the `rename`, `tag`, `upload`, or `create folder` functions until a patch is available. Restrict access to email consumption in Papermerge to minimize the risk of exploitation. Avoid using potentially malicious documents or filenames in the affected functions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DragonByte vBSecurity versions 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 **Description** The issue allows self-XSS via the `user agent` variable in the "Login Sessions" feature. This occurs in the library/DBTech/Security/Action/Sessions.php file. **Recommendations** For DragonByte vBSecurity versions 3.x through 3.3.0, consider restricting access to the "Login Sessions" feature until a fix is available. As a temporary workaround, avoid using the `user agent` variable in the affected feature to minimize the risk of exploitation.