Ppb

Name of the Vulnerable Software and Affected Versions: Western Bridge Cobub Razor version 0.7.2 Description: An issue was discovered where authentication is not required for the "/index.php?/install/installation/createuserinfo" API endpoint, resulting in the ability to create accounts without proper authorization. Recommendations: For Western Bridge Cobub Razor version 0.7.2, consider restricting access to the "/index.php?/install/installation/createuserinfo" endpoint until a fix is available, and ensure that proper authentication mechanisms are implemented to prevent unauthorized account creation.

Name of the Vulnerable Software and Affected Versions: Western Bridge Cobub Razor version 0.7.2 Description: An issue was discovered where authentication is not required for the "/index.php?/manage/channel/modifychannel" API endpoint. This allows for stored XSS to be triggered during a later "/index.php?/manage/channel" request by an admin, for example, with a crafted channel name. Recommendations: For Western Bridge Cobub Razor version 0.7.2, as a temporary workaround, consider restricting access to the "/index.php?/manage/channel/modifychannel" API endpoint to require authentication. Additionally, restrict the use of crafted channel names to minimize the risk of stored XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.