Ryoya Koyama

Name of the Vulnerable Software and Affected Versions: Wekan versions 3.12 through 4.11 Description: The issue concerns multiple stored cross-site scripting vulnerabilities in Wekan, an open source kanban board system. This set of vulnerabilities is referred to as 'Fieldbleed' by the vendor. Recommendations: For Wekan versions 3.12 through 4.11, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exment versions prior to 3.6.0 **Description** A cross-site scripting issue allows remote authenticated attackers to inject arbitrary script or HTML. **Recommendations** For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Exment versions prior to 3.6.0 **Description** A cross-site scripting issue allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. **Recommendations** For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SHIRASAGI versions 1.13.1 and earlier **Description** The issue allows remote attackers to redirect users to arbitrary web sites, potentially leading to phishing attacks. The exact vectors used for the attack are not specified. **Recommendations** For SHIRASAGI versions 1.13.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.