N0Ipr0Cs

**Name of the Vulnerable Software and Affected Versions** ACS Advanced Comment System version 1.0 **Description** The issue allows Directory Traversal via the `advanced component system/index.php` API endpoint, specifically through the `ACS path` variable. This can be exploited by manipulating the `ACS path` variable with a URI such as `..%2f`. **Recommendations** For ACS Advanced Comment System version 1.0, as a temporary workaround, consider restricting access to the `advanced component system/index.php` API endpoint until a patch is available. Avoid using the `ACS path` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SyncBreeze versions 10.1 through 10.7 Description: The issue is an XSS that affects SyncBreeze. Recommendations: For versions 10.1 through 10.7, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: DiskPulse Enterprise versions 10.4 through 10.7 Description: A cross-site scripting issue exists, potentially allowing for malicious script execution. Recommendations: For versions 10.4 through 10.7, update to a version later than 10.7 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: DiskSavvy Enterprise versions 10.4 through 10.7 Description: A cross-site scripting (XSS) issue exists. Recommendations: For versions 10.4 through 10.7, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: DiskBoss Enterprise versions 7.4.28 through 9.1.16 Description: The issue is related to a Cross-Site Scripting (XSS) problem. Recommendations: For versions 7.4.28 through 9.1.16, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Flexense VX Search Enterprise versions 10.1.12 through 10.7 Description: A cross-site scripting (XSS) issue exists. Recommendations: For versions 10.1.12 through 10.7, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: DiskSorter Enterprise versions 9.5.12 through 10.7 Description: A cross-site scripting issue exists, potentially allowing for malicious script execution. Recommendations: For versions 9.5.12 through 10.7, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Flexense DupScout Enterprise versions 10.0.18 through 10.7 Description: A cross-site scripting issue exists. Recommendations: For versions 10.0.18 through 10.7, update to a version that contains a fix for this issue.