Deutsche Post · Deutsche Post Mailoptimizer · CVE-2021-28042
Name of the Vulnerable Software and Affected Versions:
Deutsche Post Mailoptimizer versions prior to 2020-11-09
Description:
A crafted ZIP archive submitted to the Upload feature or the MO Connect component allows directory traversal, potentially leading to remote code execution.
Recommendations:
Installations running a version prior to 2020-11-09 should be updated to a version released after 2020-11-09 to resolve the issue. As a temporary workaround, consider restricting access to the Upload feature and the MO Connect component to minimize the risk of exploitation.
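
The class of flaw described above, directory traversal through ZIP entry names, can be screened for before an uploaded archive is extracted. The following is an added example, not code from Deutsche Post or Mailoptimizer; the destination path, function names and sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

DEST = "/srv/upload/incoming"  # hypothetical extraction directory (assumption)

def screen_archive(data, dest=DEST):
    """Return [(entry name, reason)] for entries that must not be extracted."""
    root = posixpath.normpath(dest)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Some extractors treat '\' as a separator, so normalise it first.
            name = info.filename.replace("\\", "/")
            # Resolve '..' segments against the destination, as extraction would.
            target = posixpath.normpath(posixpath.join(root, name))
            if name.startswith("/") or name[1:2] == ":":
                findings.append((info.filename, "absolute path"))
            elif target != root and not target.startswith(root + "/"):
                findings.append((info.filename, "escapes destination"))
            elif stat.S_ISLNK(info.external_attr >> 16):
                # A symlink entry can redirect later writes outside dest.
                findings.append((info.filename, "symlink entry"))
    return findings

def build_sample():
    """Constructed test archive: one normal entry and four that must be rejected."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("letters/batch1.csv", "id,address\n")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("..\\..\\outside.txt", "x")
        zf.writestr("/tmp/absolute.txt", "x")
        link = zipfile.ZipInfo("shortcut")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/etc")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in screen_archive(build_sample()):
        print(f"reject {name!r}: {reason}")
```

An archive with any finding should be rejected as a whole rather than extracted with the flagged entries skipped.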