Rayhan Ahmed Niloy

#19369 of 53,633
13.6 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2023-12842
8.8
2023-01-30
Eta · Eta · CVE-2022-25967
**Name of the Vulnerable Software and Affected Versions**
eta versions prior to 2.0.0

**Description**
The issue allows for Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. This is exploitable only for users who are rendering templates with user-defined data.

**Recommendations**
For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the rendering of templates with user-defined data until a patch is available.

PT-2021-14506
4.8
2021-02-08
OTRS AG · OTRS AG Survey · CVE-2021-21434
**Name of the Vulnerable Software and Affected Versions**
OTRS AG Survey versions 6.0.20 and prior
OTRS AG Survey versions 7.0.19 and prior

**Description**
The issue allows a survey administrator to craft a survey that can execute malicious code in the agent interface, affecting other agents who want to make changes to the survey.

**Recommendations**
For OTRS AG Survey versions 6.0.20 and prior, update to a version later than 6.0.20 to resolve the issue.
For OTRS AG Survey versions 7.0.19 and prior, update to a version later than 7.0.19 to resolve the issue.