Parasimpaticki

**Name of the Vulnerable Software and Affected Versions** Raptive Ads versions 3.7.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions 3.7.3 and earlier, update to a version later than 3.7.3 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious script injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Raptive Ads plugin for WordPress versions up to, and including, 3.6.3 **Description** The issue is related to Reflected Cross-Site Scripting via the `poc` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.6.3, update to a version later than 3.6.3 to resolve the issue. As a temporary workaround, consider restricting access to the `poc` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thomas Maier Image Source Control versions n/a through 2.29.0 **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables attackers to inject malicious scripts into web pages. **Recommendations** For versions n/a through 2.29.0, update to a version later than 2.29.0 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious script injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bold pagos en linea versions prior to 3.1.0 **Description** The issue is related to improper neutralization of input during web page generation, allowing DOM-Based XSS. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions prior to 3.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive features or disabling the use of dynamic content generation until a patch is available. Avoid using user-supplied input in the affected API endpoints until the issue is resolved.