Mochamad Sofyan

**Name of the Vulnerable Software and Affected Versions** Academy LMS versions 2.0.4 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, in Kodezen Limited Academy LMS. This vulnerability allows for redirection to untrusted sites. **Recommendations** For versions 2.0.4 and earlier, update to a version later than 2.0.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Repute Infosystems BookingPress versions 1.0.0 through 1.0.82 **Description** A Missing Authorization issue has been identified. This issue affects the BookingPress plugin. **Recommendations** For versions 1.0.0 through 1.0.82, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Academy LMS versions 1.9.16 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Academy LMS academy. **Recommendations** For versions 1.9.16 and earlier, update to a version that contains a fix for this issue, however at the moment there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** typps Calendarista Basic Edition versions 3.0.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability. This vulnerability affects typps Calendarista Basic Edition. **Recommendations** For versions 3.0.5 and earlier, update to a version later than 3.0.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodePeople Appointment Hour Booking versions 1.4.56 and earlier **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability, which allows removing important client functionality. **Recommendations** For CodePeople Appointment Hour Booking versions 1.4.56 and earlier, update to a version that addresses this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss EventPrime versions 3.3.9 and earlier **Description** The issue is a Cross Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions. **Recommendations** For versions 3.3.9 and earlier, update to a version later than 3.3.9 to resolve the issue. At the moment, there is no information about other mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** SupportCandy versions 3.2.3 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised pages. **Recommendations** For versions 3.2.3 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable features in SupportCandy until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Typps Calendarista Basic Edition versions 3.0.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for potential malicious script injection into web pages generated by the application. **Recommendations** For Typps Calendarista Basic Edition versions 3.0.2 and earlier, update to a version later than 3.0.2 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.