Rattapon Jitprajong

**Name of the Vulnerable Software and Affected Versions** Kentico Xperience version 13.0.44 **Description** The issue allows for cross-site scripting (XSS) via an XML document to the Media Libraries subsystem. **Recommendations** For Kentico Xperience version 13.0.44, consider restricting access to the Media Libraries subsystem until a patch is available. As a temporary workaround, avoid using XML documents in this subsystem to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Security Access Manager Appliance version 9.0.7 **Description** The issue allows an authenticated user to impersonate another user on the system because the session is not invalidated after logout. **Recommendations** For IBM Security Access Manager Appliance version 9.0.7, consider implementing a workaround to manually invalidate sessions after logout until a patch is available. As a temporary mitigation measure, restrict access to sensitive areas of the system to minimize the risk of impersonation.

**Name of the Vulnerable Software and Affected Versions** IBM Security Access Manager Appliance version 9.0 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This is due to a cross-site scripting issue. **Recommendations** For IBM Security Access Manager Appliance version 9.0, consider disabling access to the Web UI until a patch is available to prevent potential exploitation. Restrict access to sensitive areas of the Web UI to minimize the risk of credentials disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.