Mario Tesoro

**Name of the Vulnerable Software and Affected Versions** HCL Unica Marketing Operations versions 12.1.8 and lower **Description** A stored cross-site scripting (XSS) issue exists in HCL Unica Marketing Operations. Stored cross-site scripting occurs when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. **Recommendations** Versions prior to 12.1.8 are affected.

**Name of the Vulnerable Software and Affected Versions** OpenText Web Site Management Server versions 16.7.0 through 16.7.1 **Description** A Cross-Site Request Forgery (CSRF) issue exists in OpenText Web Site Management Server. A user with an active session could be tricked into performing actions without their knowledge by clicking on a malicious page containing crafted HTML. **Recommendations** Update OpenText Web Site Management Server to a version later than 16.7.1.

**Name of the Vulnerable Software and Affected Versions** OpenText Web Site Management Server versions 16.7.0 through 16.7.1 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Reflected Cross-site Scripting (XSS). This allows for the injection of malicious JavaScript code through URL parameters. When a page preview is rendered, the injected script can execute on the client side. The issue involves rendering malicious scripts when a page preview is generated. **Recommendations** Update OpenText Web Site Management Server to a version later than 16.7.1.

**Name of the Vulnerable Software and Affected Versions** DokuWiki version 2025-05-14a **Description** A Cross Site Scripting issue exists in DokuWiki. A remote attacker may be able to execute arbitrary code through the `q` parameter. The vulnerable component is 'Librarian' [56.1]. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Copy Services Manager version 6.3.13 **Description** IBM Copy Services Manager 6.3.13 is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code within the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5 **Description** The issue allows an attacker to access sensitive files by inserting path traversal payloads inside the `deficon` parameter, enabling local file inclusion. **Recommendations** For versions 11.2.0 through 11.2.4 FP5, avoid using the `deficon` parameter in affected API endpoints until the issue is resolved.