Pham Van Khanh

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker could exploit this to perform remote cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modicon M340 CPUs versions prior to V3.40 Modicon M340 X80 Ethernet Communication Modules versions (all versions) Modicon Premium Processors with integrated Ethernet versions (all versions) Modicon Quantum Processors with Integrated Ethernet versions (all versions) Modicon Quantum Communication Modules versions (all versions) Modicon Premium Communication Modules versions (all versions) **Description** The issue is related to a buffer overflow in the software of programmable logic controllers. An attacker can exploit this by sending specially crafted HTTP requests, potentially causing a denial of service. **Recommendations** For Modicon M340 CPUs versions prior to V3.40, update to version V3.40 or later. For Modicon M340 X80 Ethernet Communication Modules, restrict access to the web server until a patch is available. For Modicon Premium Processors with integrated Ethernet, consider disabling the HTTP server functionality until a fix is provided. For Modicon Quantum Processors with Integrated Ethernet, avoid using the vulnerable communication modules until an update is released. For Modicon Quantum Communication Modules and Modicon Premium Communication Modules, limit network exposure to these modules until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to errors in the user interface's information representation in Microsoft SharePoint Enterprise Server. It allows a remote attacker to perform a spoofing attack, potentially affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure DevOps Server and Team Foundation Services (affected versions not specified) **Description** The issue is related to incorrect code generation management in Azure DevOps Server and Team Foundation Server. Exploitation of this issue may allow a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified) Description: The issue is related to the failure to protect the web page structure in Microsoft Dynamics 365, allowing for potential cross-site scripting attacks. An attacker could exploit this to perform remote actions. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified) Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a crafted request, allowing cross-site scripting attacks on affected systems. This could enable the attacker to read unauthorized content, use the victim's identity to take actions within Dynamics Server, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified) Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a specially crafted request, allowing them to perform cross-site scripting attacks. These attacks could enable the attacker to read unauthorized content, use the victim's identity to take actions within the Dynamics Server, such as changing permissions and deleting content, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified) Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a crafted request, allowing them to perform cross-site scripting attacks. These attacks could enable the attacker to read unauthorized content, use the victim's identity to take actions within the Dynamics Server, such as changing permissions and deleting content, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. This could allow a remote attacker to perform cross-site scripting attacks, potentially enabling them to read unauthorized content, use the victim's identity to take actions on the SharePoint site, change permissions, delete content, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.16 **Description** The issue is related to inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript, which allows XSS attacks. **Recommendations** For versions prior to 3.9.16, update to version 3.9.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CKEditor 4 WSC plugin versions through 5.5.7.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. **Recommendations** For CKEditor 4 WSC plugin versions through 5.5.7.5, consider disabling the WSC plugin until a patch is available to prevent exploitation of the XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in Microsoft Exchange Server, which is associated with insufficient access restrictions. This could allow a remote attacker to exploit the vulnerability and gain elevated privileges, potentially giving them the same rights as other users of the Exchange server. As a result, the attacker may be able to access the mailboxes of other users and perform other activities. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.