Martin

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 113.0.5672.63 **Description** The issue is related to insufficient validation of untrusted input in Extensions, allowing an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. This could enable a remote attacker to bypass security restrictions and gain unauthorized access to protected information using a specially crafted malicious web page. **Recommendations** For versions prior to 113.0.5672.63, update to version 113.0.5672.63 or later to resolve the issue. As a temporary workaround, consider disabling the installation of extensions from untrusted sources until the update is applied. Restrict access to sensitive files and information to minimize the risk of exploitation. Avoid using crafted HTML pages that could trigger the bypass of file access checks.

Name of the Vulnerable Software and Affected Versions: Apache Archiva versions prior to 2.2.4 Description: The issue allows storing malicious XSS code in central configuration entries, such as the logo URL, which can be done by users with an admin role. Additionally, it is possible to write files to the Archiva server at arbitrary locations using the artifact upload mechanism, potentially overwriting existing files if the Archiva run user has the necessary filesystem permissions. Recommendations: For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration entries and the artifact upload mechanism to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Apache Archiva versions 2.0.0 through 2.2.3 Description: The issue allows writing files to the Archiva server at arbitrary locations using the artifact upload mechanism. It is also possible to overwrite existing files if the Archiva run user has the appropriate permission on the filesystem for the target file. Recommendations: For Apache Archiva versions 2.0.0 through 2.2.3, consider restricting the artifact upload mechanism to prevent writing files to arbitrary locations until a patch is available. As a temporary workaround, review and restrict file system permissions for the Archiva run user to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Loomio versions prior to 1.8.0 **Description** A cross-site scripting (XSS) issue exists in the Markdown parser, allowing remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. **Recommendations** For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.0 **Description** The issue allows local users to gain privileges due to world-writable permissions on Mac OS X. **Recommendations** For versions prior to 1.0, update to a version that is 1.0 or later to resolve the issue.