Prasenjit Kanti Paul

**Name of the Vulnerable Software and Affected Versions** Cisco Webex (affected versions not specified) **Description** A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The issue is due to improper filtering of user-supplied input. An attacker could exploit this by persuading a user to follow a malicious link, potentially allowing the attacker to conduct a cross-site scripting attack against the targeted user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex (affected versions not specified) **Description** A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The issue is due to improper filtering of user-supplied input. An attacker could exploit this by persuading a user to follow a malicious link, potentially allowing the attacker to conduct a cross-site scripting attack against the targeted user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex (affected versions not specified) **Description** A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The issue is due to improper filtering of user-supplied input. An attacker could exploit this by persuading a user to follow a malicious link, potentially allowing the attacker to conduct a cross-site scripting attack against the targeted user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Meetings (affected versions not specified) **Description** A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This is due to insufficient validation of user-supplied parameters, such as `user-supplied parameters`. An attacker could exploit this vulnerability by sending a crafted HTTP request to the "account activation page" of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified) Description: The issue is related to insufficient validation of user-supplied input in the web-based management interface, which could allow a remote attacker to conduct a cross-site scripting (XSS) attack. This could be achieved by persuading a user to click a malicious link, potentially allowing the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Recommendations: For Cisco Webex Meetings, consider implementing additional validation for user-supplied input to the web-based management interface as a temporary workaround until a patch is available. Restrict access to the web-based management interface to minimize the risk of exploitation. Avoid using links from untrusted sources to prevent potential XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Forcepoint Web Security versions 8.x **Description** The issue allows for cross-site scripting (XSS) via host header injection. This means an attacker could potentially inject malicious scripts into a website, affecting users who visit the site. **Recommendations** For Forcepoint Web Security versions 8.x, consider restricting access to the host header to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CloudMe version 1.11.0 Description: An issue in CloudMe allows an unauthenticated local attacker to send a malicious payload to the CloudMe Sync client application, causing a buffer overflow condition. This can result in code execution or a crash. The attacker must be able to connect to the application listening on 127.0.0.1 port 8888. Recommendations: For CloudMe version 1.11.0, as a temporary workaround, consider restricting access to the CloudMe Sync client application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-600M C1 version 3.01 **Description** The issue exists due to inadequate protection of the web page structure in the administrative panel of the D-Link DIR-600M C1 Wi-Fi router's firmware. This allows a remote attacker to conduct a cross-site scripting (XSS) attack. The attack can be performed via the SSID or the name of a user account. **Recommendations** For D-Link DIR-600M C1 version 3.01, consider restricting access to the administrative panel until a patch is available. As a temporary workaround, avoid using user-supplied input in the SSID or user account name fields to minimize the risk of exploitation.