Pankaj Kumar Thakur

Name of the Vulnerable Software and Affected Versions: Apple Music Classical versions prior to 2.3 Description: The issue was addressed with improved checks. An application may be able to unexpectedly leak a user's credentials. Recommendations: Update to Apple Music Classical version 2.3 or later.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (affected versions not specified) **Description** The issue exists due to inadequate protection of the web page structure. Exploitation may allow a remote attacker to conduct a cross-site scripting attack. The vulnerability is related to user input validation and sanitization issues, which can lead to authenticated reflected cross-site scripting (XSS) attacks. An attacker must first obtain authentication to the system in order to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (on-premise) (affected versions not specified) **Description** The issue is related to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. An attacker must first obtain authentication to Apex Central on the target system in order to exploit this issue. The vulnerability exists because of inadequate protection of the web page structure, which may allow a remote attacker to conduct a cross-site scripting attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (on-premise) (affected versions not specified) **Description** The issue is related to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. An attacker must first obtain authentication to Apex Central on the target system in order to exploit this issue. The vulnerability exists because of inadequate protection of the web page structure, which may allow a remote attacker to conduct an inter-site scripting attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central versions (affected versions not specified) **Description** The issue exists due to inadequate protection of the web page structure. It may allow a remote attacker to conduct a cross-site scripting attack. The exploitation requires the attacker to first obtain authentication to the target system. This issue is related to user input validation and sanitization problems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Umbrella (affected versions not specified) **Description** The issue is related to unsanitized user input in multiple management dashboard pages, which could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the dashboard. An attacker could exploit this by submitting custom JavaScript to the web application and persuading a user to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.