Pradeep Jairamani

Rank: #20594 of 53,638
Total CVSS: 12.3
Vulnerabilities: 2 (Medium: 1, High: 1)
PT-2020-9311 · CVSS 7.5 · 2020-04-30
Apache · Apache Ofbiz · CVE-2019-12425

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz version 17.12.01

**Description** The issue concerns Host header injection: the software accepts arbitrary `Host` headers, which can potentially lead to various security issues.

**Recommendations** For Apache OFBiz version 17.12.01, as a temporary workaround, consider restricting the accepted values of the `Host` header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-17813 · CVSS 4.8 · 2018-04-08
Typo3 · Typo3 · CVE-2018-6905

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions prior to 8.7.11; TYPO3 version 9.1.0

**Description** The issue concerns a problem where an admin can enter a crafted site name during the installation process, leading to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`. This occurs in the page module of the software.

**Recommendations** For TYPO3 versions prior to 8.7.11, update to version 8.7.11 or later to resolve the issue. For TYPO3 version 9.1.0, consider disabling the use of the `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']` variable until a patch is available. As a temporary workaround, restrict access to the page module to minimize the risk of exploitation.