Nozomi Iimura

**Name of the Vulnerable Software and Affected Versions** Musetheque V4 (affected versions not specified) IPKNOWLEDGE V4L1 versions prior to rev2203.1 **Description** A cross-site scripting issue exists where the administration page does not properly sanitize file information. If a file containing malicious content is uploaded, an arbitrary script may be executed in the web browser of a user viewing the file information page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IPKNOWLEDGE V4L1 versions prior to rev2203.0 **Description** A cross-site request forgery (CSRF) issue exists in Musetheque V4 Information Disclosure. This occurs when a logged-in user visits a malicious page, which can lead to the execution of unexpected operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.