Patrickrbc

**Name of the Vulnerable Software and Affected Versions** express-cart versions 1.1.5 and earlier **Description** A deficiency in the access control in the express-cart module allows unprivileged users to add new users to the application as administrators. **Recommendations** For express-cart versions 1.1.5 and earlier, update to a version later than 1.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the user management functionality to prevent unprivileged users from adding new administrators.

**Name of the Vulnerable Software and Affected Versions** Intelbras NPLUG version 1.0.0.14 **Description** The issue allows an attacker to authenticate in the web interface by using "admin:" as the name of a cookie. This means that an attacker can potentially gain access to the device without needing a valid password. **Recommendations** For Intelbras NPLUG version 1.0.0.14, consider disabling the web interface until a patch is available to prevent potential exploitation. Restrict access to the device to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Intelbras NPLUG version 1.0.0.14 **Description** The issue affects the web interface of the device, where the lack of CSRF token protection allows attackers to perform various actions. These actions include changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. **Recommendations** For Intelbras NPLUG version 1.0.0.14, as a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the web interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras NPLUG version 1.0.0.14 **Description** The issue allows for XSS via a crafted SSID received through a network broadcast. **Recommendations** For Intelbras NPLUG version 1.0.0.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.