Ryan Novotny

**Name of the Vulnerable Software and Affected Versions** MatrixAddons Easy Invoice versions through 2.0.9 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the injection of malicious scripts into web pages. The vulnerability exists due to insufficient sanitization of user-supplied data, potentially enabling an attacker to execute arbitrary code within the context of a user's browser. **Recommendations** Update to a version later than 2.0.9.

Name of the Vulnerable Software and Affected Versions: SaifuMak Add Custom Codes versions through 4.80 Description: An improper control of generation of code ('Code Injection') issue exists in SaifuMak Add Custom Codes, allowing code injection. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CWD Web Designer Easy Elements Hider versions 2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. Recommendations: For CWD Web Designer Easy Elements Hider versions 2.0 and earlier, update to a version that fixes the Stored XSS issue, if available. As a temporary workaround, consider restricting user input to prevent malicious script injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rustaurius Ultimate Reviews versions n/a through 3.2.14 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. **Recommendations** For versions n/a through 3.2.14, update to a version later than 3.2.14 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the web page. Avoid using user-supplied input in sensitive functions until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Track, Analyze & Optimize by WP Tao versions 1.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. **Recommendations** For versions 1.3 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Improper Neutralization of Input During Web Page Generation vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WC MyParcel Belgium versions 4.5.5 through beta **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions 4.5.5 through beta, consider disabling any functionality that allows user input to be reflected in web pages until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using user-supplied input in API endpoints, such as `/api/user/data`, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** M A Vinoth Kumar Category Widget versions n/a through 2.0.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in the Category Widget. **Recommendations** For M A Vinoth Kumar Category Widget versions n/a through 2.0.2, update to a version later than 2.0.2 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of Reflected XSS exploitation.

**Name of the Vulnerable Software and Affected Versions** catkin ReDi Restaurant Reservation versions n/a through 24.1209 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. **Recommendations** For versions n/a through 24.1209, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.