Apache · Apache JSPWiki · CVE-2022-27166
**Name of the Vulnerable Software and Affected Versions**
Apache JSPWiki versions up to and including 2.11.2
**Description**
A carefully crafted request on the "XHRHtml2Markup.jsp" endpoint could trigger an issue, allowing an attacker to execute JavaScript in the victim's browser and potentially obtain sensitive information about the victim.
**Recommendations**
For versions up to and including 2.11.2, update to version 2.11.3, which contains a fix for the problem.
As a temporary workaround, consider restricting access to the "XHRHtml2Markup.jsp" endpoint until the issue is resolved.
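One way to check from web-server access logs that the restriction on "XHRHtml2Markup.jsp" is actually in effect, and to review earlier requests to the endpoint. This is an added example, not part of the advisory or of JSPWiki; it assumes Common/Combined Log Format, and the log lines, the `/wiki` context path and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "xhrhtml2markup.jsp"  # endpoint named in the advisory, lower-cased

# Assumption: access log lines in Common/Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalized_path(target):
    """Reduce a request target to a canonical lower-case path for matching."""
    path = urlsplit(target).path
    # Decode twice so single- and double-encoded spellings compare equal.
    path = unquote(unquote(path)).lower()
    # Drop path parameters (";name=value") from each segment.
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))

def endpoint_hits(lines):
    """Return (client, method, status) for every request to the endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalized_path(m["target"]).endswith("/" + ENDPOINT):
            hits.append((m["client"], m["method"], int(m["status"])))
    return hits

def still_served(hits):
    """Hits answered with 2xx: the endpoint was reachable for that request."""
    return [h for h in hits if 200 <= h[2] < 300]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2022:10:00:01 +0000] "GET /wiki/Wiki.jsp?page=Main HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2022:10:00:05 +0000] "POST /wiki/XHRHtml2Markup.jsp HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Aug/2022:10:02:11 +0000] "POST /wiki/xhrhtml2markup%2Ejsp;x=1 HTTP/1.1" 403 0',
    '203.0.113.4 - - [01/Aug/2022:10:03:40 +0000] "GET /wiki/XHRHtml2Markup.jsp?a=b HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    hits = endpoint_hits(SAMPLE)
    for client, method, status in hits:
        print(client, method, status)
    print("still served:", still_served(hits))
```

Any entry returned by `still_served` for a request made after the restriction was deployed means the endpoint is still reachable on that path.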