Matthew Kienow

**Name of the Vulnerable Software and Affected Versions** OpenKM (affected versions not specified) **Description** A stored XSS issue is present in the document "note" functionality of OpenKM, accessible if an attacker has console access and is authenticated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenKM DMS (affected versions not specified) **Description** The OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition when a malicious document provided by an attacker is processed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mayan EDMS (affected versions not specified) **Description** An XSS issue was discovered in the Mayan EDMS DMS, where successful exploitation was observed in the in-product tagging system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Enterprise and Community Edition (CE) (affected versions not specified) **Description** The issue is a stored cross-site scripting (XSS) condition in the document version comments, which allows for persistent or "Type II" XSS attacks. This means that an attacker can inject malicious code into the comments of a document version, and this code will be executed when other users view the comments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Enterprise and Community Edition (CE) (affected versions not specified) **Description** The issue is a stored cross-site scripting (XSS) condition, specifically a "Type II" or persistent XSS, that occurs in the document file name. This means that an attacker could potentially inject malicious scripts into the file names of documents, which would then be executed when the file name is displayed or processed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Enterprise (affected versions not specified) **Description** The issue is a stored cross-site scripting (XSS) condition in the in-app chat system. This type of XSS occurs when malicious code is stored on the server and then executed by the browser when the affected page is viewed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Enterprise and Community Edition (CE) (affected versions not specified) **Description** The issue is related to a stored cross-site scripting (XSS) condition in the in-app messaging system, affecting both subject and message bodies. This type of XSS is also known as "Type II" or persistent XSS, meaning the malicious script is stored on the server and can be executed by multiple users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE Workspace DMS (affected versions not specified) Mayan EDMS DMS (affected versions not specified) **Description** The issue is related to a stored cross-site scripting (XSS) condition. This occurs when a malicious document provided by an attacker is used, allowing for potential exploitation. The vulnerability exists due to insufficient encryption of user-input data. Successful exploitation can enable an attacker to perform cross-site scripting attacks. There is also mention of an XSS vulnerability in the Mayan EDMS DMS, specifically observed in the in-product tagging system. **Recommendations** For ONLYOFFICE Workspace DMS, consider disabling the handling of malicious documents until a patch is available. For Mayan EDMS DMS, restrict access to the in-product tagging system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenNMS versions prior to 18.0.2 **Description** The issue is related to a stored XSS problem due to insufficient filtering of SNMP agent supplied data. An attacker can create a malicious SNMP `sysName` or `sysContact` response to store an XSS payload, which will trigger when a user views the data in the web UI. **Recommendations** For OpenNMS versions prior to 18.0.2, update to version 18.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of SNMP `sysName` and `sysContact` responses until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OpenNMS versions 18.0.1 and prior **Description** The issue is related to a stored XSS problem due to insufficient filtering of SNMP trap supplied data. An attacker can create a malicious SNMP trap to store an XSS payload, which will trigger when a user views the events list page in the web UI. **Recommendations** For OpenNMS versions 18.0.1 and prior, update to version 18.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the events list page in the web UI until the update is applied.

Name of the Vulnerable Software and Affected Versions: HP PageWide Printers versions prior to firmware 1708D HP OfficeJet Pro Printers versions prior to firmware 1708D Description: A potential security issue has been identified that could potentially be exploited to execute arbitrary code. Recommendations: For HP PageWide Printers versions prior to firmware 1708D, update the firmware to version 1708D or later. For HP OfficeJet Pro Printers versions prior to firmware 1708D, update the firmware to version 1708D or later.

**Name of the Vulnerable Software and Affected Versions** Opmantek NMIS versions prior to 4.3.7c Opmantek NMIS versions prior to 8.5.12G in non-default configurations **Description** The issue concerns command injection via certain commands in the tools.pl CGI script. The affected commands include man, finger, ping, trace, and nslookup. **Recommendations** For versions prior to 4.3.7c, update to version 4.3.7c or later. For versions prior to 8.5.12G in non-default configurations, update to version 8.5.12G or later.

**Name of the Vulnerable Software and Affected Versions** Opmantek NMIS versions prior to 8.5.12G **Description** The issue is related to a security problem where an attacker can exploit the software using SNMP, leading to XSS. **Recommendations** For versions prior to 8.5.12G, update to version 8.5.12G or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opsview versions prior to 2015-11-06 **Description** The issue allows for XSS via SNMP. **Recommendations** For versions prior to 2015-11-06, update to a version released after 2015-11-06 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Spiceworks Desktop versions prior to 2015-12-01 **Description** The issue is related to a security problem where an SNMP response can lead to XSS. **Recommendations** For versions prior to 2015-12-01, update to a version released after 2015-12-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Netmaster CBW700N cable modem version 81.447.392110.729.024 **Description** The issue allows remote attackers to obtain sensitive information, including credentials, keys, and SSID details, by sending an SNMP request. This is possible due to the use of a default SNMP community string set to `public`. **Recommendations** For Netmaster CBW700N cable modem version 81.447.392110.729.024, change the default SNMP community string from `public` to a secure, unique string to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Arris Touchstone DG950A cable modem version 7.10.131 **Description** The issue allows remote attackers to obtain sensitive information, including password, key, and SSID details, by sending an SNMP request. This is possible due to the use of a default SNMP community string set to `public`. **Recommendations** For Arris Touchstone DG950A cable modem version 7.10.131, consider changing the default SNMP community string to a secure value to prevent unauthorized access. As a temporary workaround, restrict access to the SNMP service to minimize the risk of exploitation.