Satoshi Horikoshi

**Name of the Vulnerable Software and Affected Versions** Powered BLUE Server versions 0.20130927 and prior **Description** Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability that could lead to the disclosure of arbitrary files within the affected product. **Recommendations** Update to a version of Powered BLUE Server later than 0.20130927.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 5.1.0 **Description** The issue allows a remote authenticated attacker with administrative privileges to execute an arbitrary script on the web browser of the user logging in to the product. This is achieved through a cross-site scripting vulnerability. **Recommendations** For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting administrative access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IPFire versions prior to 2.27 **Description** The issue allows a remote authenticated attacker with administrative privilege to inject an arbitrary script due to multiple stored cross-site scripting vulnerabilities in the web user interface. **Recommendations** For IPFire versions prior to 2.27, update to version 2.27 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LiteCart versions prior to 2.4.2 **Description** A cross-site scripting issue allows a remote attacker to inject an arbitrary script via unspecified vectors. **Recommendations** For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue.