
Maximillian Dornseif

#23973 of 53,633
9.8 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2005-1469
4.3
2005-02-16
Openconf · Openconf · CVE-2005-0407
**Name of the Vulnerable Software and Affected Versions** Openconf versions prior to 1.10

**Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML and web script via the paper title. This could potentially lead to unauthorized actions on the affected system.

**Recommendations** For versions prior to 1.10, update to version 1.10 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user-input data, especially for the paper title field, to prevent malicious script injections. Restrict access to sensitive areas of the application until the update is applied.
PT-2005-1468
5.5
2005-02-14
Unknown · Image Processing · CVE-2005-0406
**Name of the Vulnerable Software and Affected Versions** Image processing software (affected versions not specified)

**Description** A design flaw in the software that modifies JPEG images might not modify the original EXIF thumbnail, potentially leading to an information leak of sensitive visual information that had been removed from the main JPEG image.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.