Ralph Meier

**Name of the Vulnerable Software and Affected Versions** VIWIS LMS version 9.11 **Description** A vulnerability has been found in the File Upload component of VIWIS LMS, affecting an unknown functionality. The manipulation of the `filename` argument leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 9.12 is able to address this issue. **Recommendations** For VIWIS LMS version 9.11, upgrade to version 9.12 to address the issue. As a temporary workaround, consider restricting the use of the File Upload component until the upgrade is applied.

Name of the Vulnerable Software and Affected Versions: VIWIS LMS version 9.11 Description: A critical issue was found in the Print Handler component, leading to missing authorization. This allows a user with the role learner to access the entire exam, including solutions, in the web application using the administrative print function with an active session before and after an exam slot. The attack can be launched remotely. Recommendations: For VIWIS LMS version 9.11, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the administrative print function for users with the learner role until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FileCloud versions prior to 21.3.5.18513 **Description** A critical vulnerability has been found in FileCloud, affecting the NTFS handler, which leads to improper access controls. The issue can be exploited remotely, but it requires some form of authentication. **Recommendations** For versions prior to 21.3.5.18513, upgrade to version 21.3.5.18513 to address this issue. As a temporary workaround, consider restricting access to the NTFS handler until the upgrade is applied.