
Oolongeya

Rank: #19432 of 53,632
Total CVSS: 13.6
Vulnerabilities: 2 (1 Medium, 1 High)
PT-2026-34549 · CVSS 6.1 · 2026-04-22
Python · Python · CVE-2026-6019

**Name of the Vulnerable Software and Affected Versions**
Python (affected versions not specified)

**Description**
The `js_output()` method of `http.cookies.Morsel` returns an inline `<script>` snippet that only escapes double quotes for the JavaScript string context. It does not neutralize the HTML-parser-sensitive sequence `</script>` inside the generated script element, which could allow script injection.

**Recommendations**
As a temporary workaround, consider restricting the use of `js_output()` until a patch is available. Base64-encode cookie values so that the value itself cannot carry the escaping sequence.
PT-2026-23668 · CVSS 7.5 · 2026-03-06
WordPress · WooCommerce · CVE-2026-3589

**Name of the Vulnerable Software and Affected Versions**
WooCommerce versions 5.4.0 through 10.5.2

**Description**
The WooCommerce WordPress plugin does not properly handle batch requests, potentially allowing unauthenticated users to execute administrative actions on non-store REST endpoints. This could enable the creation of arbitrary administrator users through a Cross-Site Request Forgery (CSRF) attack.

**Recommendations**
Update WooCommerce to a version later than 10.5.2.