M3N0Sd0N4Ld

**Name of the Vulnerable Software and Affected Versions** EmbedAI (affected versions not specified) **Description** A Stored Cross-Site Scripting issue has been found, allowing an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue allows an authenticated attacker to show subscription's information of other users by modifying the `SUSCBRIPTION ID` parameter of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION ID>". **Recommendations** For EmbedAI versions 2.1 and below, consider restricting access to the "/demos/embedai/subscriptions/show/<SUSCBRIPTION ID>" endpoint until a patch is available. As a temporary workaround, avoid using the `SUSCBRIPTION ID` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue allows an authenticated attacker to obtain chat messages belonging to other users by modifying the `CHAT ID` parameter in the endpoint "/embedai/chats/load messages?chat id=<CHAT ID>". **Recommendations** For EmbedAI versions 2.1 and below, consider restricting access to the "/embedai/chats/load messages" endpoint until a patch is available. As a temporary workaround, avoid using the `CHAT ID` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue has been found, allowing an authenticated attacker to write messages into other users' chat by changing the `chat id` parameter of the POST request "/embedai/chats/send message". **Recommendations** For EmbedAI versions 2.1 and below, as a temporary workaround, consider restricting access to the "/embedai/chats/send message" endpoint until a patch is available. Avoid using the `chat id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the `FILE ID` of the endpoint "/embedai/files/show/<FILE ID>". **Recommendations** For EmbedAI versions 2.1 and below, as a temporary workaround, consider restricting access to the "/embedai/files/show/<FILE ID>" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and earlier **Description** A control access issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The information provided by this endpoint includes the IP address, user agent, and location of the user who visited the web page. The endpoint "/embedai/visits/show/<VISIT ID>" is also vulnerable, providing similar information. **Recommendations** For EmbedAI versions 2.1 and earlier, consider restricting access to the "/embedai/visits/show/" and "/embedai/visits/show/<VISIT ID>" endpoints to prevent unauthorized information disclosure. As a temporary workaround, consider disabling the `visit` functionality until a patch is available. Avoid using the `VISIT ID` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and below **Description** An Improper Access Control issue has been found, allowing an authenticated attacker to change their subscription plan without paying. This is achieved by making a POST request to the "/demos/embedai/pmt cash on delivery/pay" endpoint and altering its parameters. **Recommendations** For EmbedAI versions 2.1 and below, as a temporary workaround, consider restricting access to the "/demos/embedai/pmt cash on delivery/pay" endpoint to prevent unauthorized changes to subscription plans. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and earlier **Description** An issue with inadequate access control has been identified, allowing an authenticated attacker to obtain database backups by requesting the "/embedai/app/uploads/database/" endpoint. This endpoint is vulnerable, enabling unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not specified. There is no information available about real-world incidents where this issue was exploited. **Recommendations** For EmbedAI versions 2.1 and earlier, consider restricting access to the "/embedai/app/uploads/database/" endpoint to prevent unauthorized database backup retrieval until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI versions 2.1 and earlier **Description** A Reflected Cross-Site Scripting issue has been identified, allowing an authenticated attacker to craft a malicious URL by leveraging the "/embedai/users/show/" endpoint. This enables the injection of malicious JavaScript code, which will be executed when a user opens the malicious URL. **Recommendations** For EmbedAI versions 2.1 and earlier, consider disabling access to the "/embedai/users/show/" endpoint until a patch is available. Restrict the use of the `SCRIPT` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified) Description: The issue is related to insufficient input validation, which could allow a remote attacker to execute arbitrary commands. It also involves incorrect validation of allowed event types in a calendar web service, enabling some users to create events with types or audiences they are not authorized to publish to. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grav versions 1.7.44 and before **Description** A cross-site scripting (XSS) vulnerability allows remote authenticated attackers to execute arbitrary web scripts or HTML via the `onmouseover` attribute of an `ISINDEX` element. **Recommendations** For Grav versions 1.7.44 and before, consider disabling the `onmouseover` attribute of `ISINDEX` elements as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazing Little Poll versions 1.3 through 1.4 **Description** The issue allows an unauthenticated user to access the admin panel without providing any credentials by accessing the "lp admin.php?adminstep=" parameter. This could enable unauthorized access to sensitive areas of the application. **Recommendations** For versions 1.3 and 1.4, consider restricting access to the "lp admin.php?adminstep=" parameter until a patch is available. As a temporary workaround, avoid using the `adminstep` parameter in the "lp admin.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Amazing Little Poll versions 1.3 through 1.4 **Description** The issue is a Stored XSS vulnerability that allows a remote attacker to store a malicious JavaScript payload in the "lp admin.php" file using the `question` and `item` parameters. This could lead to malicious JavaScript execution while the page is loading. **Recommendations** For versions 1.3 and 1.4, consider disabling access to the "lp admin.php" file or restricting the use of the `question` and `item` parameters until a patch is available. As a temporary workaround, avoid using the `question` and `item` parameters in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** HelpDezk Community version 1.1.10 **Description** The issue is related to a SQL injection vulnerability that could allow a remote attacker to send a specially crafted SQL query to the `rows` parameter of the "jsonGrid route" and extract all the information stored in the application. **Recommendations** For version 1.1.10, consider disabling access to the "jsonGrid route" until a patch is available. Restrict the use of the `rows` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HelpDezk Community version 1.1.10 **Description** The issue is related to improper authorization, allowing a remote attacker to access the platform without authentication. This could lead to the retrieval of personal data via the `jsonGrid` parameter. **Recommendations** For version 1.1.10, consider restricting access to the `jsonGrid` parameter until a patch is available. As a temporary workaround, disabling the feature that utilizes the `jsonGrid` parameter may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jorani version 1.0.0 **Description** An SQL Injection issue has been found, allowing an authenticated remote user with low privileges to send queries with malicious SQL code on the "/leaves/validate" path and the `id` parameter. This enables the extraction of arbitrary information from the database. **Recommendations** For Jorani version 1.0.0, as a temporary workaround, consider restricting access to the "/leaves/validate" path and the `id` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SLims version 9.6.0 **Description** The issue allows an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape image.php" file in the `imageURL` parameter. This is a Server-Side Request Forgery vulnerability. **Recommendations** For SLims version 9.6.0, as a temporary workaround, consider restricting access to the "scrape image.php" file or limiting the use of the `imageURL` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scada-LTS version 2.7.1.1 build 2948559113 **Description** A privilege escalation issue was discovered that allows remote attackers, authenticated in the application as a low-privileged user, to change their role, for example, to administrator, by updating their user profile. This issue is related to authorization errors. **Recommendations** For Scada-LTS version 2.7.1.1 build 2948559113, consider restricting access to user profile updates until a patch is available. As a temporary workaround, limit the ability of low-privileged users to modify their roles or access levels.