Rodrigo Favarini

Researcher from MITM Labs
#20551 of 53,630
12.4 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2024-24212
CVSS 6.3 · 2024-06-27
Unknown · Designa Abacus · CVE-2024-31802

**Name of the Vulnerable Software and Affected Versions**
DESIGNA ABACUS versions prior to v.19

**Description**
The issue allows an attacker to bypass the payment process via a crafted QR code.

**Recommendations**
For versions prior to v.19, update to a version that includes a fix for this issue to prevent bypassing the payment process. As a temporary workaround, consider restricting the use of QR code payments until a patch is available.

PT-2020-16824
CVSS 6.1 · 2020-10-29
Wso2 · Wso2 Api Manager · CVE-2020-27885

**Name of the Vulnerable Software and Affected Versions**
WSO2 API Manager version 3.1.0

**Description**
A Cross-Site Scripting (XSS) issue allows an attacker to hijack a logged-in user's session by stealing cookies. This enables a malicious hacker to change the logged-in user's password and invalidate the session of the victim while maintaining access.

**Recommendations**
For WSO2 API Manager version 3.1.0, update to a version that includes a fix for this issue to prevent session hijacking and unauthorized password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.