Mtk

**Name of the Vulnerable Software and Affected Versions** LISTSERV versions prior to 16.5-2018a **Description** The issue is related to reflected cross site scripting (XSS) that exists via the "/scripts/wa.exe" API endpoint, specifically through the `OK` parameter. This allows for potential malicious script injection. **Recommendations** For versions prior to 16.5-2018a, update to version 16.5-2018a or later to resolve the issue. As a temporary workaround, consider restricting access to the "/scripts/wa.exe" API endpoint or avoiding the use of the `OK` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Wise Chat plugin for WordPress versions prior to 2.7 **Description** The issue arises from the mishandling of external links due to the omission of noopener and noreferrer in the rendering/filters/post/WiseChatLinksPostFilter.php file. **Recommendations** For Wise Chat plugin for WordPress versions prior to 2.7, update to version 2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ninja Forms plugin versions prior to 3.3.18 **Description** The issue allows remote attackers to execute JavaScript. This is achieved via the `begin date`, `end date`, or `form id` parameter in the submissions page, which is part of the includes/Admin/Menus/Submissions.php file. **Recommendations** For versions prior to 3.3.18, update to version 3.3.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the submissions page or avoiding the use of the `begin date`, `end date`, or `form id` parameters until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress Feed Statistics plugin versions prior to 4.0 **Description** The issue allows for an Open Redirect via the `feed-stats-url` parameter. **Recommendations** For versions prior to 4.0, update to version 4.0 or later to resolve the issue.