Paulos Yibelo

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.37 **Description** The issue arises from custom MyCode (BBCode) for the visual editor ( SCEditor ) not escaping input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active and operates on a maliciously crafted MyCode message. The impact can occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. **Recommendations** For MyBB versions prior to 1.8.37, upgrade to version 1.8.37 to resolve the issue. As a temporary workaround, consider disabling the visual editor globally by setting Clickable Smilies and BB Code → Clickable MyCode Editor to Off in the Admin CP. Alternatively, individual users can disable the visual editor by unchecking the Show the MyCode formatting options on the posting pages checkbox in their User CP.

**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.11.2 **Description** A carefully crafted user preferences submission could trigger an issue related to the user preferences screen, allowing an attacker to execute javascript in the victim's browser and potentially obtain sensitive information. **Recommendations** For versions prior to 2.11.2, upgrade to 2.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the user preferences screen until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.11.2 **Description** The Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. **Recommendations** For versions prior to 2.11.2, upgrade to 2.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the user preferences form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS Catalina versions prior to 10.15.1 Security Update versions prior to 2019-001 Security Update versions prior to 2019-006 **Description** Parsing a maliciously crafted text file may lead to disclosure of user information. This issue was addressed with improved checks. **Recommendations** For macOS Catalina versions prior to 10.15.1, update to macOS Catalina 10.15.1 or later to resolve the issue. For Security Update versions prior to 2019-001, apply Security Update 2019-001 or later to resolve the issue. For Security Update versions prior to 2019-006, apply Security Update 2019-006 or later to resolve the issue. As a temporary workaround, consider avoiding the use of text files from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Hotspot Shield (affected versions not specified) **Description** The issue concerns a web server running on Hotspot Shield with a static IP address and port 895. This web server utilizes JSONP and stores sensitive configuration information. An unauthenticated attacker can exploit this by sending a POST request to the "/status.js" API endpoint with the parameter `func=$ APPLOG.Rfunc`, allowing them to extract sensitive machine information. This includes details about the user's VPN connection status, the specific VPN connected to, and the user's real IP address. **Recommendations** For Hotspot Shield, consider restricting access to the "/status.js" API endpoint to prevent unauthorized data extraction until a patch is available. As a temporary workaround, disabling the `$ APPLOG.Rfunc` parameter in the POST request to "/status.js" may help mitigate the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Accellion FTA versions prior to FTA 9 12 180 **Description** An issue was discovered that allows SQL injection due to the misuse of mysql real escape string. The seos/courier/communication p2p.php endpoint is vulnerable, specifically with the `app id` parameter. **Recommendations** For versions prior to FTA 9 12 180, update to FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the seos/courier/communication p2p.php endpoint to minimize the risk of exploitation. Avoid using the `app id` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Accellion FTA versions prior to FTA 9 12 180 **Description** An issue was discovered in Accellion FTA devices, where there is a cross-site scripting (XSS) vulnerability in the "home/seos/courier/smtpg add.html" endpoint with the `param` parameter. **Recommendations** For versions prior to FTA 9 12 180, update to version FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the "home/seos/courier/smtpg add.html" endpoint to minimize the risk of exploitation. Avoid using the `param` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Accellion FTA versions prior to FTA 9 12 180 **Description** An issue was discovered that allows for a CRLF attack vector through the `auth params` in the "home/seos/courier/login.html" endpoint. **Recommendations** For versions prior to FTA 9 12 180, update to FTA 9 12 180 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Accellion FTA versions prior to FTA 9 12 180 **Description** An issue was discovered in Accellion FTA devices. There is a cross-site scripting (XSS) issue in the "home/seos/courier/user add.html" endpoint with the `param` parameter. **Recommendations** For versions prior to FTA 9 12 180, update to FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the "home/seos/courier/user add.html" endpoint to minimize the risk of exploitation. Avoid using the `param` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Accellion FTA versions prior to FTA 9 12 180 **Description** An issue allows an attacker to bypass the Same Origin Policy by sending a POST request to the "home/seos/courier/web/wmProgressstat.html.php" endpoint with an attacker domain in the `acallow` parameter, resulting in the device responding with an Access-Control-Allow-Origin header that grants site access to the attacker. **Recommendations** For Accellion FTA versions prior to FTA 9 12 180, update to version FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the "home/seos/courier/web/wmProgressstat.html.php" endpoint to minimize the risk of exploitation. Avoid using the `acallow` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Accellion FTA versions prior to FTA 9 12 180 **Description** An issue was discovered that allows SSRF attacks. The problem arises from a regular expression, intended to match local https URLs, lacking an initial ^ character. This affects the courier/web/1000@/wmProgressval.html endpoint, allowing attacks with a file:///etc/passwd#https:// URL pattern. **Recommendations** For versions prior to FTA 9 12 180, update to version FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the courier/web/1000@/wmProgressval.html endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 43.0.2357.65 **Description** The issue is related to a buffer overflow in the CertificateResourceHandler function, which handles MIME certificates. This can be exploited by a remote attacker to cause a denial of service or possibly execute arbitrary code. Multiple unspecified vulnerabilities in Google Chrome allow attackers to cause a denial of service or possibly have other impact via unknown vectors. **Recommendations** For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** CatBot version 0.4.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `lastcatbot` parameter in the "index.php" endpoint. **Recommendations** For CatBot version 0.4.2, consider restricting access to the `lastcatbot` parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `lastcatbot` parameter to minimize the risk of exploitation.