Sascha Grossenbacher

**Name of the Vulnerable Software and Affected Versions** Drupal Currency versions prior to 3.5.0 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Drupal Currency. This allows attackers to perform actions on behalf of authenticated users without their knowledge. CSRF occurs when a malicious website, email, or other communication tricks a user's browser into sending a request to a vulnerable web application. **Recommendations** Update Drupal Currency to version 3.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** File Entity versions 7.X-* through 7.X-2.38 **Description** The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS) attacks. This can enable a remote attacker to bypass security restrictions and conduct Cross-Site Scripting attacks. **Recommendations** For versions 7.X-* through 7.X-2.38, update to a version newer than 7.X-2.38 to resolve the issue. As a temporary workaround, consider restricting access to the File Entity module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PEAR Structures-DataGrid-DataSource-MDB2 versions 0.1.9 and earlier **Description** The issue allows attackers to manipulate the generated sorting queries due to an unspecified vulnerability in the fetch function in MDB2.php. **Recommendations** For versions 0.1.9 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.