Nitipoom Jaroonchaipipat

**Name of the Vulnerable Software and Affected Versions** Ampache versions 6.6.0 and earlier **Description** A Cross Site Request Forgery (CSRF) issue exists in the "pvmsg.php?action=add message", "pvmsg.php?action=confirm delete", and "ajax.server.php?page=user&action=flip follow" endpoints. **Recommendations** For Ampache versions 6.6.0 and earlier, update to a version later than 6.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the "pvmsg.php?action=add message", "pvmsg.php?action=confirm delete", and "ajax.server.php?page=user&action=flip follow" endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Martin Kucej i-librarian versions 5.11.0 and before **Description** The issue allows a local attacker to execute arbitrary code via the search function in the import component. This is a Cross Site Scripting vulnerability. **Recommendations** For versions 5.11.0 and before, consider disabling the search function in the import component as a temporary workaround until a patch is available. Restrict access to the import component to minimize the risk of exploitation. Avoid using the search function in the import component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Koha Library Management System versions 23.05.05 and earlier **Description** A multiple Cross-site scripting (XSS) vulnerability in the "/members/moremember.pl" and "/members/members-home.pl" endpoints allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the `Circulation note` and `Patrons Restriction` components. **Recommendations** For Koha Library Management System versions 23.05.05 and earlier, update to a version later than 23.05.05 to resolve the issue. As a temporary workaround, consider restricting access to the "/members/moremember.pl" and "/members/members-home.pl" endpoints until a patch is available. Avoid using the `Circulation note` and `Patrons Restriction` components in the affected endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Koha Library Management System versions 23.05.05 and earlier **Description** The issue is related to a lack of neutralization of elements in a CSV file, affecting the components members/moremember.pl and admin/aqbudgets.pl. This allows a remote attacker to execute arbitrary DDE commands by sending a specially crafted CSV file. The vulnerability can be exploited via the 'Budget' and 'Patrons Member' components. **Recommendations** For Koha Library Management System versions 23.05.05 and earlier, consider disabling the `/members/moremember.pl` and `/admin/aqbudgets.pl` endpoints until a patch is available. Restrict access to the 'Budget' and 'Patrons Member' components to minimize the risk of exploitation. Avoid using these components to export CSV files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grocy versions <= 4.0.3 **Description** A Cross-Site Scripting (XSS) issue exists in the recipe preparation component within "/api/objects/recipes" and note component within "/api/objects/shopping lists/" of Grocy, allowing attackers to obtain the victim's cookies. **Recommendations** For Grocy versions <= 4.0.3, update to a version greater than 4.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/objects/recipes" and "/api/objects/shopping lists/" API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Corebos versions 8.0 and below **Description** The issue allows an attacker with low privileges to inject a malicious command into a table, which is then executed when an administrator exports the data to a CSV file and opens it, potentially leading to the execution of a malicious payload on the administrator's computer. This occurs when the administrator visits the user management section. **Recommendations** For Corebos versions 8.0 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSupports version 4.11.0 **Description** The issue allows an attacker to bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type in the comment function. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. **Recommendations** For OpenSupports version 4.11.0, as a temporary workaround, consider disabling the comment function until a patch is available. Restrict access to file upload operations to minimize the risk of exploitation. Avoid using the file upload feature in the comment section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kodbox version 1.46.01 **Description** The issue allows user enumeration, which is present on the login page. An attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. **Recommendations** For kodbox version 1.46.01, consider modifying the login page to return uniform response messages for both valid and invalid user inputs to prevent user enumeration. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grocy version 4.0.3 **Description** The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within the "/equipment/" component. **Recommendations** For Grocy version 4.0.3, consider disabling the equipment description component within the /equipment/ component as a temporary workaround until a patch is available. Restrict access to the /equipment/ component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Grocy versions 4.0.3 and earlier **Description** The issue is related to a Cross-Site Scripting (XSS) vulnerability in the `manageApiKeys` component. This vulnerability allows attackers to obtain a victim's cookies when the victim clicks on the "see QR code" function. **Recommendations** For Grocy versions 4.0.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grocy versions <= 4.0.3 **Description** A Cross-Site Scripting (XSS) issue exists in the 'product description' component within the "/api/stock/products" endpoint, allowing attackers to obtain a victim's cookies. This issue can be exploited by a local attacker to execute arbitrary code and obtain sensitive information. **Recommendations** For Grocy versions <= 4.0.3, update to a version greater than 4.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/stock/products" endpoint until a patch is available. Avoid using the 'product description' component in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Grocy versions prior to 4.0.4 **Description** The issue allows attackers to inject arbitrary HTML content without script execution, occurring when user-supplied data is not properly sanitized. This enables the injection of HTML tags through parameter values, allowing manipulation of page content in the QR code detail popup. The attack often involves social engineering tactics, exploiting user trust and the application's lack of proper input handling. **Recommendations** For Grocy versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'manageApiKeys' component to minimize the risk of exploitation. Avoid using user-supplied data in the QR code function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RackTables versions prior to 0.22.0 **Description** The issue exists due to the lack of protection for the web page structure in the /index.php?page=search component of the RackTables web application for managing data center assets. This allows a remote attacker to exploit the vulnerability and potentially disclose sensitive information. The vulnerability is a reflected cross-site scripting (XSS) issue, which enables local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. **Recommendations** For RackTables versions prior to 0.22.0, consider disabling the search component in index.php until a patch is available to prevent exploitation. Restrict access to the search functionality to minimize the risk of arbitrary code execution and sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop version 3.1.0-2-11973 **Description** The issue is related to a CSV injection in the export as CSV feature, allowing a local attacker to execute arbitrary code via a crafted script to the `export-v2.php` and `ajax.render.php` components. This is also associated with a buffer copy without checking the size of the input data, which can be exploited to execute arbitrary code. **Recommendations** For version 3.1.0-2-11973, consider disabling the export as CSV feature or restricting access to the `export-v2.php` and `ajax.render.php` components until a patch is available. As a temporary workaround, avoid using the export as CSV feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop version 3.1.0-2-11973 **Description** The issue allows a local attacker to obtain sensitive information via a crafted script to the `attrib manager id` parameter in the General Information page and the `id` parameter in the contact page. This is a Cross Site Scripting vulnerability. **Recommendations** For Combodo iTop version 3.1.0-2-11973, as a temporary workaround, consider restricting access to the General Information page and the contact page until a patch is available. Avoid using the `attrib manager id` and `id` parameters in these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UrBackup Server version 2.5.31 **Description** The issue allows for brute-force enumeration of user accounts. This is possible because a failure message confirms when a username is not valid. **Recommendations** For UrBackup Server version 2.5.31, consider modifying the error messages to not disclose whether a username is valid or not, to prevent brute-force enumeration of user accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.