Osher Assor

**Name of the Vulnerable Software and Affected Versions** Verint (affected versions not specified) **Description** The issue is related to improper neutralization of script-related HTML tags in a web page, which can lead to basic cross-site scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Verint (affected versions not specified) **Description** The issue concerns an unrestricted upload of a file with a dangerous type, classified as CWE-434. This could potentially allow an attacker to upload malicious files, leading to various security issues. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyundai model version 2017 **Description** The issue is related to an authentication bypass by capture-replay, identified as CWE-294. This allows for unauthorized access. **Recommendations** For the Hyundai model version 2017, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mazda model versions 2015 through 2016 **Description** The issue allows a Mazda model to be unlocked via an unspecified method. **Recommendations** For Mazda model versions 2015 through 2016, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AgilePointServer (affected versions not specified) **Description** The issue concerns editable SQL queries that are Base64 encoded and sent from the client-side to the server-side for a specific API used in the legacy Work Center module. This can be exploited by any authenticated user, regardless of the rule type, by utilizing the `/AgilePointServer/Extension/FetchUsingEncodedData` API endpoint with the `EncodedData` parameter. **Recommendations** For AgilePointServer, as a temporary workaround, consider restricting access to the `/AgilePointServer/Extension/FetchUsingEncodedData` API endpoint until a patch is available. Additionally, avoid using the `EncodedData` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.