Lassi

**Name of the Vulnerable Software and Affected Versions** HumHub version 1.18.0 **Description** HumHub is an Open Source Enterprise Social Network. A cross-site scripting issue exists in the Button component due to inconsistent output encoding. This allows for the injection and execution of malicious scripts within a user's browser. **Recommendations** Update to version 1.18.1.

**Name of the Vulnerable Software and Affected Versions** HumHub Calendar module versions prior to 1.8.11 **Description** The Calendar module for HumHub allows users to create and manage events. A stored cross-site scripting (XSS) issue exists in the Event Types functionality of the Calendar module for versions prior to 1.8.11. This impacts users viewing events created by an administrative account. The issue allows an attacker to inject malicious scripts into the application through the Event Types feature. The vulnerability is triggered when a user views events created by an administrative account. **Recommendations** Update to HumHub Calendar module version 1.8.11 or later.

**Name of the Vulnerable Software and Affected Versions** Invoice Ninja versions prior to 5.11.73 **Description** A flaw exists in the admin "Restore" function that allows attackers with admin credentials to execute arbitrary code on the server. This is possible through the upload of malicious `.php` files. The issue involves incorrect handling of uploaded files. **Recommendations** Update to version 5.11.73 or later.