Matthew Oyer

**Name of the Vulnerable Software and Affected Versions** SCT Campus Pipeline (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `utf` parameter. This could potentially lead to unauthorized actions on the affected system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FuseTalk version 4.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to execute arbitrary web script. This can be achieved via an img src tag. **Recommendations** For FuseTalk version 4.0, consider disabling the ability to include user-supplied input in img src tags until a patch is available. Restrict access to areas where user input is reflected in the application to minimize the risk of exploitation.