Majid Lakhnati

**Name of the Vulnerable Software and Affected Versions** baltic-it TOPqw Webportal versions 1.35.287.1 through 1.35.290 **Description** The create user function in the baltic-it TOPqw Webportal is vulnerable to SQL injection. This issue affects the `/Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser` endpoint, where the `username` variable in the JSON object allows the manipulation of SQL queries. **Recommendations** For versions 1.35.287.1 through 1.35.290, update to version 1.35.291 to resolve the issue. As a temporary workaround, consider restricting access to the `/Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser` endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** baltic-it TOPqw Webportal versions 1.35.283.2 through 1.35.283.3 **Description** The login form of the baltic-it TOPqw Webportal at "/Apps/TOPqw/Login.aspx" is vulnerable to SQL injection. The vulnerability exists in the `txtUsername` parameter, which allows for manipulation of SQL queries. **Recommendations** For versions 1.35.283.2 through 1.35.283.3, update to version 1.35.283.4 to resolve the issue. As a temporary workaround, consider restricting access to the `/Apps/TOPqw/Login.aspx` endpoint until a patch is available. Avoid using the `txtUsername` parameter in the affected login form until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** baltic-it TOPqw Webportal version 1.35.283.2 **Description** The issue is related to Incorrect Access Control in the User Management function, specifically in the /Apps/TOPqw/BenutzerManagement.aspx endpoint. This allows a low-privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other users or unlock their own account, change the password of other users, create new users or delete existing users, and view, manipulate, and delete reference data. **Recommendations** For version 1.35.283.2, consider restricting access to the /Apps/TOPqw/BenutzerManagement.aspx endpoint until a patch is available. As a temporary workaround, limit the privileges of low-privileged users to prevent them from accessing and manipulating sensitive information. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** baltic-it TOPqw Webportal versions 1.35.283.2 through 1.35.290 **Description** The issue affects the "Stammdaten" menu in the /Apps/TOPqw/qwStammdaten.aspx endpoint, allowing for persistent Cross-Site Scripting (XSS). **Recommendations** For versions 1.35.283.2 through 1.35.290, update to version 1.35.291 to resolve the issue. As a temporary workaround, consider restricting access to the /Apps/TOPqw/qwStammdaten.aspx endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** baltic-it TOPqw Webportal versions 1.35.287.1 through 1.35.290 **Description** The issue concerns a Cross-Site Scripting (XSS) vulnerability in the file upload function of the "QWKalkulation" tool. To exploit this vulnerability, an attacker must be authenticated to the application using the "TOPqw Webportal". Once authenticated, the attacker can persistently place malicious JavaScript code in the "QWKalkulation" menu. The vulnerable endpoint is /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx. **Recommendations** For versions 1.35.287.1 through 1.35.290, update to version 1.35.291 to resolve the issue. As a temporary workaround, consider restricting access to the "QWKalkulation" tool and the file upload function in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx to minimize the risk of exploitation.