Rocket.Chat · CVE-2021-22886
**Name of the Vulnerable Software and Affected Versions**
- Rocket.Chat versions prior to 3.11
- Rocket.Chat version 3.10.5
- Rocket.Chat version 3.9.7
- Rocket.Chat version 3.8.8
**Description**
The issue allows a remote attacker to inject arbitrary JavaScript into a chat message by using nested markdown tags that the message renderer fails to sanitize, resulting in persistent (stored) cross-site scripting (XSS): the payload is stored with the message and executes in the client of every user who views it. In the Rocket.Chat desktop app, this flaw can be escalated to arbitrary file read and remote code execution (RCE).
**Recommendations**
- For Rocket.Chat version 3.8.8, update to a version later than 3.8.8 to resolve the issue.
- For Rocket.Chat version 3.9.7, update to a version later than 3.9.7 to resolve the issue.
- For Rocket.Chat version 3.10.5, update to a version later than 3.10.5 to resolve the issue.
- For Rocket.Chat versions prior to 3.11, update to version 3.11 or later to resolve the issue.