Puncsky

**Name of the Vulnerable Software and Affected Versions** touchbase.ai versions prior to 2.0 **Description** The issue allows an attacker to inject HTML payloads, which could result in defacement, user redirection to a malicious webpage or website. **Recommendations** For versions prior to 2.0, update to version 2.0 to resolve the issue. As a temporary workaround, consider restricting user input to prevent HTML payload injection until the update is applied.

**Name of the Vulnerable Software and Affected Versions** touchbase.ai versions prior to 2.0 **Description** The issue impacts touchbase.ai, allowing for Open Redirect attacks. These attacks can lead to theft of information and credentials, redirection to malicious websites with attacker-controlled content, and in some cases, even cause XSS attacks. Although Open Redirect might seem harmless, its impacts can be severe if exploitable. **Recommendations** For versions prior to 2.0, update to version 2.0 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable endpoints to minimize the risk of exploitation.