Marco Nappi

**Name of the Vulnerable Software and Affected Versions** Miliaris Amigdala version 2.2.6 **Description** A cross-site scripting (XSS) issue in the e-mail manager function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. This could potentially lead to unauthorized actions being taken on behalf of the user. **Recommendations** For Miliaris Amigdala version 2.2.6, consider disabling the e-mail manager function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the e-mail manager to minimize the risk of arbitrary HTML execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Miliaris Amigdala version 2.2.6 **Description** A cross-site scripting (XSS) issue in the data resource management function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. **Recommendations** For Miliaris Amigdala version 2.2.6, consider disabling the data resource management function until a patch is available to prevent exploitation of the XSS issue. Restrict access to this function to minimize the risk of arbitrary HTML execution in the context of a user's browser.

**Name of the Vulnerable Software and Affected Versions** Miliaris Amigdala version 2.2.6 **Description** A cross-site scripting (XSS) issue in the report manager function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. **Recommendations** For Miliaris Amigdala version 2.2.6, consider disabling the report manager function until a patch is available to prevent exploitation of the XSS issue. Restrict access to the report manager to minimize the risk of arbitrary HTML execution. Avoid using the report manager function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Life Sciences Argus Safety version 8.2.3 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Argus Safety. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some of Oracle Life Sciences Argus Safety's accessible data, as well as unauthorized read access to a subset of Oracle Life Sciences Argus Safety's accessible data. **Recommendations** For version 8.2.3, update to a version that contains a fix for this issue, as the current version is affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Spell Check versions prior to 9.13 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not escaping ignored words. **Recommendations** For versions prior to 9.13, update to version 9.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ignored words feature until a patch is available.