P4Rkjw

**Name of the Vulnerable Software and Affected Versions** TinyMCE versions prior to 5.10.7 TinyMCE versions prior to 6.3.1 **Description** A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user. **Recommendations** To avoid this vulnerability, upgrade to TinyMCE 5.10.7 or higher for TinyMCE 5.x. To avoid this vulnerability, upgrade to TinyMCE 6.3.1 or higher for TinyMCE 6.x. As a temporary workaround, ensure the `images upload handler` returns a valid value as per the images upload handler documentation.

**Name of the Vulnerable Software and Affected Versions** Naver Cloud Explorer versions prior to 2.2.2.11 **Description** The issue allows an attacker to download and execute an arbitrary file from their server during the upgrade process. **Recommendations** For versions prior to 2.2.2.11, update to version 2.2.2.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Naver Vaccine version 2.1.4 **Description** The issue allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive. This is due to a problem in the nsGreen.dll component. **Recommendations** For Naver Vaccine version 2.1.4, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the nsGreen.dll component to minimize the risk of exploitation.