Luka Safonov

**Name of the Vulnerable Software and Affected Versions** Apache Jena Fuseki versions 2.0.0 through 4.0.0 **Description** A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. **Recommendations** For versions 2.0.0 through 4.0.0, consider disabling javascript execution on HTML pages as a temporary workaround until a patch is available. Restrict access to the HTML pages of Apache Jena Fuseki to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Blinger.io version 1.0.2519 Description: The issue allows an attacker to send arbitrary JavaScript code via various communication channels, including Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This code is mishandled within the administration panel, specifically in the conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed sections. Recommendations: For Blinger.io version 1.0.2519, as a temporary workaround, consider restricting access to the administration panel's conversation sections until a patch is available. Avoid using the built-in communication channels for sensitive conversations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OLIMPOKS versions under 3.3.39 **Description** The issue allows a remote attacker to inject malicious JavaScript payload into a victim's browser, potentially stealing administrator cookies, influencing HTML content, and performing phishing attacks. This affects over 3000 organizations across various sectors. The vulnerability is related to the lack of protection for the web page structure, allowing an attacker to execute arbitrary code. **Recommendations** For versions under 3.3.39, update to version 3.3.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable application to minimize the risk of exploitation.