Sajith

**Name of the Vulnerable Software and Affected Versions** Oracle Hyperion versions 11.1.2.5.216 and earlier **Description** The issue affects confidentiality, integrity, and availability. It is related to the Core component of the Oracle Hyperion Smart View for Office, running on Windows. The exact vectors of the issue are unknown. **Recommendations** For Oracle Hyperion versions 11.1.2.5.216 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eFront version 3.6.14 (build 18012) **Description** The issue allows remote authenticated administrators to inject arbitrary web script or HTML via the `Last name`, `Lesson name`, or `Course name` field in the `www/administrator.php` file. This can be exploited by injecting malicious code through these fields. **Recommendations** For eFront version 3.6.14 (build 18012), as a temporary workaround, consider restricting access to the `www/administrator.php` file until a patch is available. Avoid using the `Last name`, `Lesson name`, or `Course name` fields in this file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Scientific Atlanta DPR2320R2 router version 2.0.2r1262-090417 **Description** The issue allows remote attackers to hijack the authentication of administrators for various requests, including changing a password via the `Password` parameter to "goform/RgSecurity" API endpoint, rebooting the device via the `Restart` parameter to "goform/restart" API endpoint, modifying Wi-Fi settings via the `WpaPreSharedKey` parameter to "goform/wlanSecurity" API endpoint, and modifying parental controls via the `ParentalPassword` parameter to "goform/RgParentalBasic" API endpoint. **Recommendations** For Cisco Scientific Atlanta DPR2320R2 router version 2.0.2r1262-090417, consider disabling access to the "goform/RgSecurity", "goform/restart", "goform/wlanSecurity", and "goform/RgParentalBasic" API endpoints until a patch is available. Restrict the use of the `Password`, `Restart`, `WpaPreSharedKey`, and `ParentalPassword` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.