Mrtuxracer

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions prior to 7.4.4 Description: Wing FTP Server does not properly validate and sanitize the `url` parameter of the `/downloadpass.html` API endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker. Recommendations: Update Wing FTP Server to version 7.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** C4B XPhone Unified Communications (UC) 2011 Web version 4.1.890S R1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the company name in the contacts. This could potentially lead to unauthorized actions on the web application. **Recommendations** For version 4.1.890S R1, as a temporary workaround, consider restricting input for the company name field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.