Mesut Timur

**Name of the Vulnerable Software and Affected Versions** Apache Tika versions prior to 1.13 **Description** The issue is related to the improper initialization of the XML parser or the choice of handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks. This can occur through vectors involving spreadsheets in OOXML files and XMP metadata in PDF and other file formats. **Recommendations** For Apache Tika versions prior to 1.13, update to version 1.13 or later to resolve the issue. As a temporary workaround, consider disabling the XML parser initialization or restricting the handling of XML files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.6.3 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For Joomla! versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TWiki versions prior to 5.1.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `newtopic` parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic, or the query string to SlideShow.pm in the SlideShowPlugin. **Recommendations** For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebCreateNewTopic action and the SlideShowPlugin to minimize the risk of exploitation. Avoid using the `newtopic` parameter in the WebCreateNewTopic action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TWiki versions prior to 5.0.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `origurl` parameter to a (1) view script or (2) login script. **Recommendations** For versions prior to 5.0.2, update to version 5.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `origurl` parameter in the view and login scripts until a patch is applied. Avoid using the `origurl` parameter in affected scripts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.5.x through 1.5.19 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via administrator screens in the Back End, due to multiple cross-site scripting (XSS) vulnerabilities. **Recommendations** For Joomla! versions 1.5.x through 1.5.19, update to version 1.5.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Falt4Extreme RC4 version 10.9.2007 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `handler` parameter to API endpoints such as "index.php" and possibly "admin/index.php", and the `topic` parameter to "modules/feed/feed.php". **Recommendations** For version 10.9.2007, consider restricting access to the vulnerable API endpoints "index.php" and "admin/index.php" and avoid using the `handler` parameter until a fix is available. Additionally, restrict the use of the `topic` parameter in "modules/feed/feed.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Falt4Extreme RC4 version 10.9.2007 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `nav ID` parameter in the "index.php" and possibly "admin/index.php" files. **Recommendations** For version 10.9.2007, consider restricting access to the `nav ID` parameter in the affected files until a patch is available. As a temporary workaround, avoid using the `nav ID` parameter in the "index.php" and "admin/index.php" files to minimize the risk of exploitation.