Secuserx

Name of the Vulnerable Software and Affected Versions: Odyssey CMS versions up to 10.34 Description: A key management error can occur due to the manipulation of the `g-recaptcha-response` argument in an unknown function of the file /modules/odyssey contact form/odyssey contact form.php of the component reCAPTCHA Handler. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For Odyssey CMS versions up to 10.34, as a temporary workaround, consider restricting access to the reCAPTCHA Handler component until a patch is available. Avoid using the `g-recaptcha-response` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelligent Apps Freenow App version 12.10.0 **Description** A problem was found in the Intelligent Apps Freenow App, affecting some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument `DEFAULT KEYSTORE PASSWORD` with the input `changeit` leads to the use of a hard-coded password. The attack may be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider restricting access to the Keystore Handler component until a patch is available. Update the app immediately to mitigate the risk of unauthorized access. Monitor for signs of compromise.

**Name of the Vulnerable Software and Affected Versions** MonoCMS versions up to 20240528 **Description** A problematic issue was found in MonoCMS, affecting an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the `userid` argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For MonoCMS versions up to 20240528, as a temporary workaround, consider restricting access to the /monofiles/account.php file until a patch is available. Avoid using the `userid` argument in the affected Account Information Page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MonoCMS up to 20240528 **Description** A vulnerability was found in MonoCMS, affecting an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the `filtcategory` and `filtstatus` arguments leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For MonoCMS up to 20240528, as a temporary workaround, consider restricting access to the /monofiles/opensaved.php file until a patch is available. Avoid using the `filtcategory` and `filtstatus` arguments in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A problematic issue was found in the PHPGurukul Online Shopping Portal, affecting unknown code of the file /admin/assets/plugins/DataTables/media/unit testing/templates/two tables.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the /admin/assets/plugins/DataTables/media/unit testing/templates/two tables.php file until a patch is available. Restrict the use of the `scripts` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** A vulnerability was found in the PHPGurukul Hospital Management System, affecting the file betweendates-detailsreports.php. The manipulation of the `fromdate` and `todate` arguments leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For PHPGurukul Hospital Management System version 4.0, update to the latest release to mitigate risks. As a temporary workaround, consider validating the `fromdate` and `todate` inputs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** A vulnerability was found in the PHPGurukul Hospital Management System, affecting some unknown processing of the file hms/doctor/search.php. The manipulation of the argument `searchdata` leads to cross-site scripting. The attack may be initiated remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For PHPGurukul Hospital Management System version 4.0, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `searchdata` argument in the affected file hms/doctor/search.php until a patch is available. Avoid using the `searchdata` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A security issue was identified in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file `/admin/assets/plugins/DataTables/media/unit testing/templates/html table.php`. The manipulation of the `scripts` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the `/admin/assets/plugins/DataTables/media/unit testing/templates/html table.php` file until a patch is available. Restrict the use of the `scripts` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A problematic issue has been found in the PHPGurukul Online Shopping Portal, affecting some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/js data.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the /admin/assets/plugins/DataTables/media/unit testing/templates/js data.php file until a patch is available. Restrict the manipulation of the `scripts` argument to minimize the risk of cross-site scripting exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A problematic issue has been found in the PHPGurukul Online Shopping Portal, affecting an unknown function of the file /admin/assets/plugins/DataTables/media/unit testing/templates/empty table.php. The manipulation of the `scripts` argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the affected file /admin/assets/plugins/DataTables/media/unit testing/templates/empty table.php until a patch is available. Restrict the manipulation of the `scripts` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/complex header 2.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, as a temporary workaround, consider disabling the functionality related to the file /admin/assets/plugins/DataTables/media/unit testing/templates/complex header 2.php until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the `scripts` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/deferred table.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, as a temporary workaround, consider disabling access to the `/admin/assets/plugins/DataTables/media/unit testing/templates/deferred table.php` file until a patch is available. Restrict the manipulation of the `scripts` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A vulnerability has been identified in PHPGurukul Online Shopping Portal, affecting an unknown part of the file /admin/assets/plugins/DataTables/media/unit testing/templates/dom data.php. The manipulation of the `scripts` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, as a temporary workaround, consider disabling access to the `/admin/assets/plugins/DataTables/media/unit testing/templates/dom data.php` file until a patch is available. Restrict the use of the `scripts` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A problematic vulnerability was found in the PHPGurukul Online Shopping Portal, affecting the file /admin/assets/plugins/DataTables/media/unit testing/templates/dom data th.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the vulnerable file /admin/assets/plugins/DataTables/media/unit testing/templates/dom data th.php until a patch is available. Restrict the manipulation of the `scripts` argument to minimize the risk of cross-site scripting exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting unknown code of the file admin/assets/plugins/DataTables/media/unit testing/templates/dom data two headers.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the `admin/assets/plugins/DataTables/media/unit testing/templates/dom data two headers.php` file until a patch is available. Restrict the manipulation of the `scripts` argument to minimize the risk of cross-site scripting exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A security issue affects the processing of the file /admin/assets/plugins/DataTables/media/unit testing/templates/dymanic table.php. The manipulation of the `scripts` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, consider disabling access to the /admin/assets/plugins/DataTables/media/unit testing/templates/dymanic table.php file until a patch is available. Restrict the manipulation of the `scripts` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Car Rental Portal version 1.0 **Description** A vulnerability was found in the processing of the file /search.php, where the manipulation of the `searchdata` argument leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** For PHPGurukul Car Rental Portal version 1.0, as a temporary workaround, consider restricting access to the /search.php file until a patch is available. Avoid using the `searchdata` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cosmote Greece What's Up App version 4.47.3 **Description** A problematic issue has been found in the Cosmote Greece What's Up App, affecting the Realm Database Handler component, specifically the file gr/desquared/kmmsharedmodule/db/RealmDB.java. The manipulation of the `defaultRealmKey` argument leads to the use of a default cryptographic key. Local access is required to approach this attack, and the complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Cosmote Greece What's Up App version 4.47.3, update to a patched version as soon as possible and rotate encryption keys to mitigate the risk of sensitive data exposure. As a temporary workaround, consider restricting access to the Realm Database Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Shopping Portal version 2.0 **Description** A vulnerability was found in the PHPGurukul Online Shopping Portal, allowing for cross-site scripting (XSS) attacks. The issue is related to an unknown function in the file /shopping/admin/assets/plugins/DataTables/examples/examples support/editable ajax.php, where the manipulation of the `argument value` leads to XSS. This can be exploited remotely. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For PHPGurukul Online Shopping Portal version 2.0, patch immediately and validate all user inputs to prevent malicious script injection. As a temporary workaround, consider restricting access to the vulnerable file editable ajax.php until a patch is available. Avoid using potentially vulnerable functions in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.