
N1X

#21375 of 53,624
11.5 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-10903
6.1
2021-03-26
Aryanic · Aryanic Highmail · CVE-2020-23517
**Name of the Vulnerable Software and Affected Versions**

Aryanic HighMail (High CMS) versions 2020 and before

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via the `user` variable to the LoginForm, enabling Cross Site Scripting (XSS) attacks.

**Recommendations**

For Aryanic HighMail (High CMS) versions 2020 and before, as a temporary workaround, consider restricting access to the LoginForm or disabling the `user` variable input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-10904
5.4
2021-03-02
Ultimatekode · Ultimatekode Neo Billing · CVE-2020-23518
**Name of the Vulnerable Software and Affected Versions**

UltimateKode Neo Billing - Accounting, Invoicing And CRM Software versions up to 3.5

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML, due to a Cross Site Scripting (XSS) vulnerability. This enables attackers to execute malicious scripts on the victim's browser.

**Recommendations**

For UltimateKode Neo Billing - Accounting, Invoicing And CRM Software versions up to 3.5, update to a version later than 3.5 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.