ZKTeco · ZKTeco BioTime · CVE-2025-15128
**Name of the Vulnerable Software and Affected Versions**
ZKTeco BioTime versions 9.0.3 through 9.0.4
ZKTeco BioTime version 9.5.2
**Description**
ZKTeco BioTime contains a security issue in how credentials are stored. Manipulating the `backup encryption password decrypt`/`export encryption password decrypt` argument handled by the file `/base/safe setting/` in the Endpoint component results in unprotected storage of credentials. The issue can be exploited remotely, and an exploit is publicly available. The vendor was contacted about this issue but did not respond.
**Recommendations**
ZKTeco BioTime versions 9.0.3 and 9.0.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
ZKTeco BioTime version 9.5.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.