Mbiesiad

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.3.0 Description A security issue exists in Plane's authentication process. The email address of a user is included as a query parameter in the URL during error handling, such as when an invalid magic code is submitted. This practice of transmitting personally identifiable information (PII) via GET request query strings is considered an insecure design. The vulnerable code is located in the authentication utility module (packages/utils/src/auth.ts). Recommendations Update to version 1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** aaPanel version 7.57.0 **Description** A missing path validation check in aaPanel can allow attackers to execute a local file inclusion (LFI), potentially exposing sensitive information. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movary versions prior to 0.70.0 **Description** Movary is a web application used to track, rate, and explore movie watch history. Insufficient input validation allows attackers to trigger cross-site scripting payloads. The vulnerable parameter is `?categoryCreated=`. **Recommendations** Update to version 0.70.0 or later.

**Name of the Vulnerable Software and Affected Versions** Movary versions prior to 0.70.0 **Description** Movary is a web application used to track and rate movie watch history. Insufficient input validation allows attackers to trigger cross-site scripting payloads. The vulnerable parameter is `?categoryDeleted=`. **Recommendations** Upgrade to version 0.70.0 or later.

**Name of the Vulnerable Software and Affected Versions** Movary versions prior to 0.70.0 **Description** Movary is a web application used to track and rate movie watch history. Insufficient input validation allows attackers to trigger cross-site scripting payloads. The vulnerable parameter is `categoryUpdated`. **Recommendations** Versions prior to 0.70.0 should be updated to version 0.70.0.

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum version 2.1.6 **Description** A stored cross-site scripting (XSS) issue exists in Simple Machines Forum. Successful exploitation allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Forum Name parameter. **Recommendations** Update Simple Machines Forum to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the Forum Name parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** RiteCMS version 3.1.0 **Description** A flaw exists in the access control mechanism within the `/templates/` component. This allows attackers to access sensitive files through directory traversal techniques. The affected component is the `/templates/` API endpoint. Attackers can exploit this by manipulating directory paths to gain unauthorized access to files. **Recommendations** Update RiteCMS to a version that addresses this access control issue. As a temporary workaround, restrict access to the `/templates/` component to minimize the risk of unauthorized file access.

**Name of the Vulnerable Software and Affected Versions** RiteCMS version 3.1.0 **Description** A local file inclusion issue exists in RiteCMS version 3.1.0. This allows attackers to potentially read arbitrary files on the host system. The issue is due to a directory traversal vulnerability within the `admin.php` component, specifically through the `admin language file` and `default page language file` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RiteCMS version 3.1.0 **Description** A Cross-Site Request Forgery (CSRF) exists in the page creation/editing function. This allows attackers to create pages by sending a specially crafted POST request. The affected function does not properly validate requests, enabling unauthorized page creation. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pagekit CMS version 1.0.18 **Description** An authenticated user can upload arbitrary files through the `/storage/poc.php` component. Successful exploitation allows attackers to execute arbitrary code by uploading a crafted PHP file. The vulnerable component is `/storage/poc.php`. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/storage/poc.php` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pagekit CMS version 1.0.18 **Description** An Insecure Direct Object Reference (IDOR) exists in Pagekit CMS version 1.0.18, potentially allowing attackers to escalate privileges. An IDOR occurs when an application uses user-supplied input to directly access objects, leading to unauthorized access. In this instance, an attacker could potentially manipulate object references to gain elevated privileges within the system. The API endpoint is not specified. The vulnerable parameter is not specified. The vulnerable function is not specified. **Recommendations** Update Pagekit CMS to a version that addresses this issue. As a temporary workaround, implement stricter access controls and validation of object references to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** RiteCMS version 3.1.0 **Description** RiteCMS version 3.1.0 contains an authenticated remote code execution (RCE) issue. The issue is due to a flaw in the `parse special tags()` function, which allows for code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RiteCMS version 3.1.0 **Description** A reflected cross-site scripting (XSS) issue exists in RiteCMS version 3.1.0. This allows attackers to execute arbitrary code within a user’s browser through a specially designed payload. The attack vector involves manipulating the application to reflect malicious scripts back to the user. **Recommendations** Update RiteCMS to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RiteCMS version 3.1.0 **Description** RiteCMS v3.1.0 uses insecure encryption for password storage. This could allow an attacker to compromise user accounts if they gain access to the stored password data. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Weblate versions 5.13.2 and below **Description** Weblate is a web-based localization tool. An open redirect exists via the `redir` parameter on the '.within.website' endpoint when Weblate is configured with Anubis and `REDIRECT DOMAINS` is not set. An attacker can create a URL on the legitimate domain that redirects a victim to an attacker-controlled site. This redirect could also initiate drive-by downloads, posing a risk to end users. **Recommendations** Update to version 5.13.3 or later.

**Name of the Vulnerable Software and Affected Versions** Taipy versions prior to 4.0.0 **Description** The issue concerns session cookies being served without Secure and HTTPOnly flags, which could expose them to interception or tampering if the connection is not secure. The HTTPOnly flag prevents the cookie from being accessed by client-side JavaScript, helping to mitigate certain types of attacks, such as cross-site scripting (XSS). **Recommendations** For versions prior to 4.0.0, upgrade to release version 4.0.0 to address the issue. As a temporary workaround, consider adding Secure and HTTPOnly flags for cookies, for example, by setting `document.cookie = `tprh=${tprh};path=/;Secure;HttpOnly;`;` to prevent the cookie from being sent over insecure connections and accessed by client-side JavaScript.

**Name of the Vulnerable Software and Affected Versions** Hoppscotch versions prior to 2023.12.6 **Description** Hoppscotch is an API development ecosystem. Due to the lack of validation for fields like `Label (Edit Team) - TeamName`, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload, an external link, is presented in a clickable form, making it easier for malicious actors to achieve their goals. **Recommendations** For versions prior to 2023.12.6, update to version 2023.12.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Label (Edit Team) - TeamName` field to minimize the risk of exploitation. Avoid using external links in the payload until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenReplay version 1.14.0 **Description** OpenReplay is a self-hosted session replay suite. Due to a lack of validation in the Name field in Account Settings, a bad actor can send emails with HTML injected code to victims. This can be used for phishing actions. Although the email is sent from OpenReplay, bad actors can inject HTML code, allowing for content spoofing. It appears that during registration, the FullName field has correct validation, but bad actors can bypass this to achieve their goals. **Recommendations** For OpenReplay version 1.14.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tolgee versions prior to 3.29.2 **Description** Tolgee is an open-source localization platform. Due to a lack of validation in the `Org Name` field, a bad actor can send emails with HTML injected code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users, which ends up in invitation emails appearing as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. **Recommendations** For versions prior to 3.29.2, upgrade to version 3.29.2 to address the vulnerability. As a temporary workaround, consider restricting the use of the `Org Name` field until the upgrade is applied. Avoid using the `Org Name` field in a way that could allow HTML injection until the issue is resolved.