Satoki

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** Insufficient validation of untrusted input in Cookies allows a remote attacker to perform privilege escalation through the use of a crafted HTML page. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions** ClipBucket versions 5.5.2 through 5.5.2-#156 **Description** An authenticated regular user can create a photo collection with a collection name containing HTML/JavaScript payloads. This makes the Manage Photos feature susceptible to Stored Cross-Site Scripting (XSS). The payload is rendered unsafely within the Admin → Manage Photos interface, leading to execution in the administrator’s browser. This allows an attacker to target administrators and potentially perform actions with elevated privileges. **Recommendations** Update to version 5.5.2-#157 or later.