Nicola Staller

**Name of the Vulnerable Software and Affected Versions** AudioCodes One Voice Operations Center (OVOC) versions prior to 8.4.582 **Description** The issue is related to improper neutralization of input via the devices API, allowing an attacker to inject malicious JavaScript code (XSS) and attack logged-in administrator sessions. This can lead to stored Cross-Site Scripting (XSS) in AudioCodes OVOC Devices API. **Recommendations** For versions prior to 8.4.582, update to version 8.4.582 or later to resolve the issue. As a temporary workaround, consider restricting access to the devices API to minimize the risk of exploitation. Avoid using the devices API until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AudioCodes One Voice Operations Center (OVOC) versions prior to 8.4.582 **Description** A path traversal issue allows sensitive data to be read without any authentication. This means that an attacker could potentially access confidential information by manipulating file paths. **Recommendations** For versions prior to 8.4.582, update to version 8.4.582 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional authentication measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MIK.starlight version 7.9.5.24363 **Description** The issue allows authenticated remote attackers to execute operating system commands by crafting serialized objects due to deserialization of untrusted data in multiple functions. **Recommendations** For MIK.starlight version 7.9.5.24363, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MIK.starlight version 7.9.5.24363 **Description** The issue is related to improper authorization in multiple functions, allowing an authenticated attacker to escalate privileges. **Recommendations** For MIK.starlight version 7.9.5.24363, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MIK.starlight version 7.9.5.24363 **Description** The issue allows an authenticated attacker to read arbitrary files from the filesystem by specifying the file path, due to the functionality of the `AdminGetFirstFileContentByFilePath` function. **Recommendations** For MIK.starlight version 7.9.5.24363, consider restricting access to the `AdminGetFirstFileContentByFilePath` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MIK.starlight version 7.9.5.24363 **Description** The issue involves the use of a hard-coded cryptographic key, allowing local users to decrypt credentials via unspecified vectors. **Recommendations** For MIK.starlight version 7.9.5.24363, consider changing the hard-coded cryptographic key to a unique, user-defined key to prevent unauthorized decryption of credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.