Martin Herancourt

**Name of the Vulnerable Software and Affected Versions** Brent Jett Assistant versions through 1.5.2 **Description** The software contains a Reflected Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Update Brent Jett Assistant to a version later than 1.5.2.

**Name of the Vulnerable Software and Affected Versions** Chartbeat versions n/a through 2.0.7 **Description** A Server-Side Request Forgery (SSRF) vulnerability exists in Chartbeat. This issue allows attackers to perform Server Side Request Forgery. **Recommendations** Update Chartbeat to a version later than 2.0.7.

Name of the Vulnerable Software and Affected Versions: Raptive Ads versions through 3.8.0 Description: Raptive Ads is susceptible to a reflected cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update Raptive Ads to a version later than 3.8.0.

Name of the Vulnerable Software and Affected Versions: CSS & JavaScript Toolbox (affected versions not specified) Description: The vulnerability involves improper control of filename handling for include/require statements in a PHP program, specifically a PHP remote file inclusion issue. This allows for local file inclusion within the application. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nikel Beautiful Cookie Consent Banner versions through 4.6.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. Recommendations: For versions through 4.6.1, update to a version that contains a fix for this issue, as using the current version may pose a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress versions up to, and including, 2.3.65 Description: The issue is related to DOM-Based Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages via the `pdf-source` parameter. Attackers can exploit this by tricking a user into performing an action such as clicking on a link. Recommendations: For versions up to, and including, 2.3.65, avoid using the `pdf-source` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EverPress Mailster versions through 4.0.9 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. **Recommendations** For versions through 4.0.9, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.