R0Hansh

**Name of the Vulnerable Software and Affected Versions** Mastodon versions prior to 3.5.0 **Description** The issue allows a bypass of e-mail restrictions in the app/models/user.rb file. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** hakimel/reveal.js versions prior to 4.3.0 **Description** The issue is related to Cross-site Scripting (XSS) - DOM. Specifically, the onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. This allows any origin to postMessage on the browser window and feed attacker's input to parts, which can execute arbitrary javascript code on the victim's browser window hosting reveal.js. **Recommendations** For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue. As a temporary workaround, consider disabling the `onmessage` event listener in /plugin/notes/speaker-view.html until a patch is available. Restrict access to the /plugin/notes/speaker-view.html module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions prior to 3.5.0 **Description** The issue is related to Prototype Pollution in the GitHub repository mastodon/mastodon. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS Server versions prior to 5.11 Description: An issue existed in the parsing of URLs, which was addressed with improved input validation. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. Recommendations: For macOS Server versions prior to 5.11, update to version 5.11 to resolve the issue. As a temporary workaround, consider restricting access to URLs that may be maliciously crafted until the update is applied.