Pius Walter

**Name of the Vulnerable Software and Affected Versions** MyTaag versions prior to 2024-11-24 **Description** The issue allows a remote attacker to escalate privileges via the "/user" endpoint. **Recommendations** For versions prior to 2024-11-24, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "/user" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MyTaag versions prior to 2024-11-24 **Description** The issue allows a physically proximate attacker to escalate privileges via the `2fa authorized` Local Storage key. **Recommendations** For versions prior to 2024-11-24, consider restricting access to the Local Storage key `2fa authorized` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyTaag versions prior to 2024-11-24 **Description** The issue allows a remote attacker to escalate privileges by deactivating the activated second factor via the "/session" endpoint. **Recommendations** For versions prior to 2024-11-24, consider disabling access to the "/session" endpoint until a fix is available. As a temporary workaround, restrict the ability to deactivate the second factor to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** CADClick versions 1.11.0 and earlier **Description** A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" allows remote attackers to inject arbitrary web script or HTML via the `wer` parameter. This flaw lets remote attackers inject malicious code. **Recommendations** For CADClick versions 1.11.0 and earlier, as a temporary workaround, consider restricting access to the "PrevPgGroup.aspx" page until a patch is available. Avoid using the `wer` parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CADClick versions 1.11.0 and below **Description** A reflected cross-site scripting (XSS) vulnerability exists in "ccHandlerResource.ashx" in CADClick, allowing remote attackers to inject arbitrary web script or HTML via the `res url` parameter. **Recommendations** For CADClick versions 1.11.0 and below, consider disabling access to the "ccHandlerResource.ashx" handler until a patch is available. Restrict input to the `res url` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CADClick versions up to 1.11.0 **Description** A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" allows remote attackers to inject arbitrary web script or HTML via the `bomid` parameter. This vulnerability enables attackers to execute malicious scripts on the victim's browser. **Recommendations** For CADClick versions up to 1.11.0, consider disabling access to the "ccHandler.aspx" page or restricting the use of the `bomid` parameter until a patch is available. Avoid using the `bomid` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CADClick versions 1.11.0 and earlier **Description** A Path Traversal (Local File Inclusion) issue in "BinaryFileRedirector.ashx" allows remote attackers to retrieve arbitrary local files via the `path` parameter. This enables access to sensitive information on the affected system. **Recommendations** For CADClick versions 1.11.0 and earlier, as a temporary workaround, consider restricting access to the "BinaryFileRedirector.ashx" file until a patch is available. Avoid using the `path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CADClick versions 1.11.0 and earlier **Description** A SQL Injection issue in "ccHandler.aspx" allows remote attackers to execute arbitrary SQL commands via the `bomid` parameter. This enables attackers to potentially access or manipulate sensitive data. **Recommendations** For CADClick versions 1.11.0 and earlier, as a temporary workaround, consider restricting access to the "ccHandler.aspx" page until a patch is available. Avoid using the `bomid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CADClick versions 1.11.0 and earlier **Description** A reflected cross-site scripting (XSS) vulnerability is present in "Artikel.aspx" in CADClick, allowing remote attackers to inject arbitrary web script or HTML via the `searchindex` parameter. This issue enables attackers to execute malicious scripts on the client-side. **Recommendations** For CADClick versions 1.11.0 and earlier, as a temporary workaround, consider restricting access to the "Artikel.aspx" page until a patch is available. Avoid using the `searchindex` parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Feripro versions prior to 2.2.4 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability. It can be exploited via the "/admin/programm/<program id>/zuordnung/veranstaltungen/<event id>" endpoint through the `school` input field. **Recommendations** For Feripro versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/programm/<program id>/zuordnung/veranstaltungen/<event id>" endpoint and validating the `school` input field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Feripro versions prior to 2.2.3 **Description** The issue concerns an Incorrect Access Control vulnerability. It affects the "/admin/programm/<program id>/export/statistics" endpoint, allowing remote attackers to export an XLSX file containing information about registrations and participants. **Recommendations** For versions prior to 2.2.3, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "/admin/programm/<program id>/export/statistics" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Feripro versions prior to 2.2.3 **Description** The issue is related to an Incorrect Access Control vulnerability. It affects the "/admin/benutzer/institution/rechteverwaltung/uebersicht" endpoint, allowing remote attackers to obtain a list of all users and their corresponding privileges. **Recommendations** For Feripro versions prior to 2.2.3, consider restricting access to the "/admin/benutzer/institution/rechteverwaltung/uebersicht" endpoint until a fix is available.