Raphaël Arrouas

**Name of the Vulnerable Software and Affected Versions** BOINC Server versions through 1.4.7 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in BOINC Server. **Recommendations** For BOINC Server versions through 1.4.7, update to a version later than 1.4.7 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BOINC Server versions through 1.4.7 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in BOINC Server. **Recommendations** For versions through 1.4.7, update to a version later than 1.4.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BOINC Server versions prior to 1.4.5 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions on behalf of users. **Recommendations** For BOINC Server versions prior to 1.4.5, update to version 1.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0 **Description** The issue is related to unauthenticated remote code execution when access to campaign creation is granted on the front-office, due to unrestricted file upload allowing PHP code injection. **Recommendations** For versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the campaign creation feature on the front-office to minimize the risk of exploitation. Avoid using the unrestricted file upload feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AnyMailing Joomla Plugin versions prior to 8.3.0 **Description** The issue is related to missing access control in the AnyMailing Joomla Plugin, allowing unauthorized access to sensitive information and system files via path traversal. This occurs when a user is granted access to campaign creation on the front office. **Recommendations** For versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to campaign creation on the front office to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0 **Description** The issue is related to stored cross-site scripting (XSS) in templates and emails of AcyMailing. It is exploitable without authentication when access is granted to the campaign's creation on the front office. **Recommendations** For versions prior to 8.3.0, update to version 8.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the campaign's creation on the front office to minimize the risk of exploitation.