Luigi Gubello

**Name of the Vulnerable Software and Affected Versions** Newton application versions prior to 10.0.24 **Description** The issue allows for cross-site scripting (XSS) via an event attribute and arbitrary file loading via a src attribute. This can occur if the application has the READ EXTERNAL STORAGE permission. **Recommendations** For Newton application versions prior to 10.0.24, update to version 10.0.24 or later to resolve the issue. As a temporary workaround, consider revoking the READ EXTERNAL STORAGE permission to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Spark application versions 2.0.2 and earlier **Description** The issue allows for cross-site scripting (XSS) via an event attribute and arbitrary file loading via a src attribute, provided the application has the READ EXTERNAL STORAGE permission. **Recommendations** For Spark application versions 2.0.2 and earlier, consider disabling the READ EXTERNAL STORAGE permission as a temporary workaround until a patch is available. Restrict access to event attributes and src attributes in the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TypeApp versions 1.9.5.35 and earlier **Description** The issue allows for XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ EXTERNAL STORAGE permission. **Recommendations** For TypeApp versions 1.9.5.35 and earlier, consider disabling the READ EXTERNAL STORAGE permission to minimize the risk of exploitation until a patch is available. Restrict access to event attributes and src attributes in the application to prevent XSS and arbitrary file loading.

**Name of the Vulnerable Software and Affected Versions** Edison Mail versions 1.7.1 and earlier **Description** The issue allows for XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ EXTERNAL STORAGE permission. **Recommendations** For Edison Mail versions 1.7.1 and earlier, consider disabling the READ EXTERNAL STORAGE permission as a temporary workaround until a patch is available. Restrict access to event attributes and src attributes in the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BlueMail versions 1.9.5.36 and earlier **Description** The issue allows for XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ EXTERNAL STORAGE permission. **Recommendations** For BlueMail versions 1.9.5.36 and earlier, consider disabling the READ EXTERNAL STORAGE permission as a temporary workaround to minimize the risk of exploitation. Restrict access to event attributes and src attributes in the application to prevent XSS and arbitrary file loading.

**Name of the Vulnerable Software and Affected Versions** The Nine application versions 4.5.3a and earlier **Description** The issue allows for XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ EXTERNAL STORAGE permission. **Recommendations** For versions 4.5.3a and earlier, consider disabling the READ EXTERNAL STORAGE permission as a temporary workaround until a patch is available. Restrict access to event attributes and src attributes in the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 68 Firefox ESR versions prior to 60.8 Thunderbird versions prior to 60.8 **Description** A vulnerability exists where opening a locally saved HTML file can allow access to other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. This issue can be exploited in combination with a popular Android messaging app to read attachments the victim received from other correspondents. **Recommendations** For Firefox versions prior to 68, update to version 68 or later to resolve the issue. For Firefox ESR versions prior to 60.8, update to version 60.8 or later to resolve the issue. For Thunderbird versions prior to 60.8, update to version 60.8 or later to resolve the issue. As a temporary workaround, consider avoiding opening locally saved HTML files from untrusted sources until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DVA-5592 version A1 WI 20180823 **Description** An issue was discovered related to the default Parental Control PIN. If the PIN of the page "/ui/cbpc/login" is the default (0000), it is possible to bypass the login form by editing the path of the cookie `sid` generated by the page. This allows an attacker to access the router control panel with administrator privileges. The vulnerability is associated with the use of the predefined PIN code and can be exploited by a remote attacker to bypass authentication and gain access to the router's control panel with administrator privileges. **Recommendations** For D-Link DVA-5592 version A1 WI 20180823, consider changing the default Parental Control PIN to a unique value to prevent exploitation. As a temporary workaround, restrict access to the "/ui/cbpc/login" page to minimize the risk of unauthorized access. Avoid using the default PIN code for the `sid` cookie to prevent bypassing the login form. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Live Chat Support plugin versions prior to 8.0.06 **Description** The issue is related to stored XSS via the `Name` field. **Recommendations** For versions prior to 8.0.06, update to version 8.0.06 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Events Manager plugin versions prior to 5.8.1.2 **Description** The issue allows for XSS via the `mapTitle` parameter in the Google Maps miniature within the events-manager.js file. **Recommendations** For versions prior to 5.8.1.2, update to version 5.8.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the events-manager.js file or avoiding the use of the `mapTitle` parameter in the Google Maps miniature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Bookly #1 WordPress Booking Plugin Lite versions prior to 14.5 **Description** The issue concerns a cross-site scripting (XSS) flaw. It is triggered by a jQuery.ajax request to the `ng-payment details dialog.js` file. **Recommendations** For Bookly #1 WordPress Booking Plugin Lite versions prior to 14.5, update to version 14.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GD bbPress Attachments plugin versions prior to 2.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the `tab` parameter in the `gdbbpress attachments` page to `wp-admin/edit.php`. **Recommendations** For GD bbPress Attachments plugin versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `gdbbpress attachments` page in `wp-admin/edit.php` to minimize the risk of exploitation. Avoid using the `tab` parameter in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GD bbPress Attachments plugin versions prior to 2.3 **Description** The issue allows remote administrators to include and execute arbitrary local files. This can be achieved by using a .. (dot dot) in the `tab` parameter in the "gdbbpress attachments" page to "wp-admin/edit.php". **Recommendations** For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "gdbbpress attachments" page in "wp-admin/edit.php" to minimize the risk of exploitation. Avoid using the `tab` parameter in the affected page until the issue is resolved.