Nikhil Mittal

**Name of the Vulnerable Software and Affected Versions** Opera Mini version 47.1.2249.129326 **Description** The issue allows remote attackers to spoof the Location Permission dialog via a crafted web site. This can be achieved by accessing specific `API Endpoints` or by manipulating certain `variables`, although the specific details of these endpoints and variables are not provided. The general information about the issue suggests it is related to how the Opera Mini application handles location permissions, potentially allowing for unauthorized access or spoofing. **Recommendations** For Opera Mini version 47.1.2249.129326, consider updating to a newer version that addresses this issue, as the current version allows for the spoofing of the Location Permission dialog. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.2 iOS versions prior to 13.6 iPadOS versions prior to 13.6 **Description** A logic issue was addressed with improved restrictions. A malicious attacker may cause Safari to suggest a password for the wrong domain. **Recommendations** For Safari versions prior to 13.1.2, update to Safari 13.1.2 or later. For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 Safari versions prior to 13.1.2 **Description** A logic issue was addressed with improved restrictions. The issue may allow a remote attacker to bypass the Same Origin Policy in Safari Reader mode. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For Safari versions prior to 13.1.2, update to Safari 13.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.2 **Description** A logic issue was addressed with improved restrictions. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. **Recommendations** For versions prior to 13.1.2, update to Safari 13.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.4 iPadOS versions prior to 13.4 **Description** The issue allows a user to potentially grant website permissions to a site they did not intend to. This occurs due to a problem with website permission prompts after navigation. **Recommendations** For iOS versions prior to 13.4, update to iOS 13.4 or later to resolve the issue. For iPadOS versions prior to 13.4, update to iPadOS 13.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.0.5 **Description** The issue is related to an inconsistent user interface that could be exploited by visiting a malicious website, potentially leading to address bar spoofing. **Recommendations** For versions prior to 13.0.5, update to Safari 13.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.9.9 **Description** The issue concerns Stored Cross-site Scripting (XSS) that can be achieved via an HTML attachment. **Recommendations** For versions prior to 2.9.9, update to version 2.9.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.9.9 **Description** The issue concerns Cross-Site Request Forgery (CSRF) in the admin/stat.ratings.php file. **Recommendations** For versions prior to 2.9.9, update to version 2.9.9 or later to resolve the issue.