Rvismit

**Name of the Vulnerable Software and Affected Versions** Sentry version 6.0.9 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the `z` parameter. **Recommendations** For Sentry version 6.0.9, consider restricting access to the vulnerable parameter `z` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyIO CPT Graphics version 0.8 **Description** An issue in the application allows attackers to discover valid users. **Recommendations** For EasyIO CPT Graphics version 0.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmartBear CodeCollaborator version 6.1.6102 **Description** The issue allows an attacker to conduct a clickjacking attack through the web UI. **Recommendations** For version 6.1.6102, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Gurock TestRail version 5.3.0.3603 Description: A vulnerability in the web UI of Gurock TestRail could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of `iFrame` data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious `iFrame` data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link. Recommendations: For version 5.3.0.3603, consider disabling the web UI or restricting access to it until a patch is available to prevent exploitation of the clickjacking vulnerability. As a temporary workaround, restrict the use of `iFrame` data in HTTP requests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Edifecs Transaction Management versions prior to 2021-07-12 **Description** The issue allows an unauthenticated user to inject arbitrary text into a user's browser via the "logon.jsp?logon error=" parameter on the login screen of the Web application. This is achieved by exploiting the login screen's functionality. **Recommendations** For Edifecs Transaction Management versions prior to 2021-07-12, consider restricting access to the "logon.jsp" endpoint until a fix is available. As a temporary workaround, avoid using the "logon error" parameter in the login screen to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Teradici PCoIP Management Console-Enterprise version 20.07.0 Description: The issue allows an unauthenticated user to inject arbitrary text into a user's browser via the Web application. This can potentially lead to unauthorized access or manipulation of user sessions. Recommendations: For Teradici PCoIP Management Console-Enterprise version 20.07.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.