Runningsnail

**Name of the Vulnerable Software and Affected Versions** Apache Jetspeed-2 (affected versions not specified) **Description** The issue arises from insufficient filtering of untrusted user input by default, leading to problems such as XSS, CSRF, XXE, and SSRF. Setting the configuration option `xss.filter.post = true` may help mitigate these issues. It's noted that Apache Jetspeed is a dormant project of Apache Portals, and no updates will be provided for this issue. **Recommendations** As a temporary workaround, consider setting the configuration option `xss.filter.post = true` to mitigate the issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Remote Desktop Connection Manager (RDCMan) (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in the Remote Desktop Connection Manager application. It occurs when the application improperly parses XML input containing a reference to an external entity. This could allow a remote attacker to gain unauthorized access to protected information using a file with an RDG extension containing XML content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions 2.9.0 through 2.11.0.M3 Description: A malicious attachment could trigger an issue that could lead to session hijacking. Recommendations: For Apache JSPWiki versions 2.9.0 through 2.11.0.M3, update to a version that contains a fix for this issue.