Norman Kämper-Leymann

**Name of the Vulnerable Software and Affected Versions** Drupal Simple Klaro versions 0.0.0 through 1.10.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Cross-Site Scripting (XSS) attacks. **Recommendations** For versions 0.0.0 through 1.10.0, update to version 1.10.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal Simple Klaro versions 0.0.0 through 1.10.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Cross-Site Scripting (XSS) attacks. **Recommendations** For versions 0.0.0 through 1.10.0, update to version 1.10.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal Commerce View Receipt versions 0.0.0 through 1.0.2 **Description** The issue is related to insufficient authorization procedures in the Commerce View Receipt module of the Drupal CMS system. This can allow a remote attacker to bypass security restrictions and perform a forceful browsing attack. **Recommendations** For versions 0.0.0 through 1.0.2, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Commerce View Receipt module until a patch is applied.