Roman Ferdigg

**Name of the Vulnerable Software and Affected Versions** PlantUML version 6.43 **Description** A vulnerability was found in the Database Information Macro component, which can be exploited to lead to cross-site scripting. The attack can be launched remotely. **Recommendations** For version 6.43, consider disabling the Database Information Macro component until a patch is available. Restrict access to the component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Refined Toolkit (affected versions not specified) **Description** A problematic issue was found in Refined Toolkit, affecting some unknown functionality of the component UI-Image/UI-Button. This issue leads to cross site scripting and can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linking (affected versions not specified) **Description** A problematic vulnerability has been found in Linking, affecting an unknown part of the New Windows Macro component. This issue leads to cross-site scripting and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Countdown Timer (affected versions not specified) **Description** A problematic issue was found in the Macro Handler component, leading to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Server Status (affected versions not specified) **Description** A problematic issue has been found in Server Status, affecting the component HTTP Status/SMTP Status. This issue leads to cross-site scripting and can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.