Maique

Name of the Vulnerable Software and Affected Versions: oitcode samarium versions through 0.9.6 Description: A security flaw exists in oitcode samarium up to version 0.9.6. The issue affects unknown code within the `/cms/webpage/` file of the Pages Image Handler component and allows for cross-site scripting. This manipulation can be performed remotely. The exploit has been released publicly. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: oitcode samarium versions up to 0.9.6 Description: A vulnerability exists in oitcode samarium, potentially allowing for cross site scripting. The issue affects the Team Image Handler component, specifically within the `/dashboard/team` file. The vulnerability impacts an unknown function. The exploit has been made public. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos Litmus due to improper control of resource identifiers resulting from the manipulation of the `projectID` argument. This issue can be exploited remotely. The exploit has been publicly disclosed. The vendor was informed of this disclosure but did not respond. Recommendations: Versions prior to 3.19.0 should be used.

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions prior to 3.19.1 Description: A problematic issue exists in the LocalStorage Handler component of LitmusChaos Litmus. Manipulation of the `projectID` argument can lead to authorization bypass. Local access is required for exploitation. The details of this issue have been publicly disclosed, and the vendor did not respond to early disclosure attempts. Recommendations: Update LitmusChaos Litmus to version 3.19.1 or later.

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions prior to 3.19.1 Description: A critical vulnerability exists in LitmusChaos Litmus. The issue affects an unknown part of the `/auth/login` file. Manipulation of the `projectID` argument results in improper access controls, allowing for remote exploitation. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this disclosure but did not respond. Recommendations: Update LitmusChaos Litmus to version 3.19.1 or later.

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions prior to 3.19.0 Description: A critical issue exists in LitmusChaos related to improper authorization. The vulnerability stems from the manipulation of the `role` argument during the processing of the `/auth/list projects` API endpoint, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. The vendor was informed of the vulnerability but did not respond. Recommendations: Update to a version beyond 3.19.0. As a temporary workaround, restrict access to the `/auth/list projects` API endpoint.

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions up to 3.19.0 Description: A critical issue exists in LitmusChaos Litmus related to permission issues stemming from unknown processing within the LocalStorage Handler component. The issue can be initiated remotely, and the exploit has been publicly disclosed. The vendor was notified but did not respond. Recommendations: Versions prior to 3.19.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** oitcode samarium versions up to 0.9.6 **Description:** A critical vulnerability exists in oitcode samarium, allowing for unrestricted file uploads. The issue affects an unknown function within the `/dashboard/product` file of the Create Product Page component. The attack can be executed remotely. The exploit has been publicly disclosed and may be used. **Recommendations:** oitcode samarium versions prior to 0.9.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos related to missing authorization checks within the Delete Request Handler component. The vulnerability resides in the `/auth/delete project/` file and is triggered by manipulating the `projectID` argument. This allows for remote deletion without proper authorization. The exploit details have been publicly disclosed, and the vendor was notified but did not respond. Recommendations: LitmusChaos versions prior to 3.19.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos. The manipulation leads to client-side enforcement of server-side security. This issue is potentially exploitable remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.