Radjnies Bhansingh

**Name of the Vulnerable Software and Affected Versions** Gwolle Guestbook Plugin version 1.7.4 **Description** A vulnerability was found in the Gwolle Guestbook Plugin. This issue affects some unknown processing and leads to basic cross site scripting. The attack may be initiated remotely. **Recommendations** For Gwolle Guestbook Plugin version 1.7.4, consider updating to a newer version to mitigate the risk of cross site scripting attacks. As a temporary workaround, restrict access to the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Supsystic Popup Plugin version 1.7.6 **Description** A vulnerability was found in the Supsystic Popup Plugin, affecting some unknown processing, which leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Supsystic Popup Plugin version 1.7.6, update to a newer version to mitigate the risk of cross-site request forgery. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache Flex versions prior to 4.14.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. This occurs due to a vulnerability in the asdoc/templates/index.html file. **Recommendations** For versions prior to 4.14.1, update to version 4.14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the asdoc component to minimize the risk of exploitation.