Letmewin

**Name of the Vulnerable Software and Affected Versions** Public Knowledge Project pkp-lib versions 3.4.0-7 and earlier **Description** The issue is related to an Open redirect vulnerability due to a lack of input sanitization in the logout function. **Recommendations** For Public Knowledge Project pkp-lib versions 3.4.0-7 and earlier, consider updating to a newer version to mitigate the risk, however at the moment there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the logout function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FactoMineR FactoInvestigate versions up to 1.9 **Description** A problematic vulnerability was found in the HTML Report Generator component of FactoMineR FactoInvestigate, leading to cross-site scripting. The manipulation can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For FactoMineR FactoInvestigate versions up to 1.9, consider disabling the HTML Report Generator component until a patch is available. Restrict access to the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.