Seohyeon Lee

**Name of the Vulnerable Software and Affected Versions** UusWeb.Ee WS Contact Form versions 1.3.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.3.7 and earlier, update to a version that fixes the Stored XSS issue. As a temporary workaround, consider restricting user input in the contact form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webstix Admin Dashboard versions n/a through 3.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the Webstix Admin Dashboard RSS Feed. **Recommendations** For versions n/a through 3.1, update to a version that contains a fix for this issue to prevent Stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Job Board Manager versions prior to 2.1.58 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions prior to 2.1.58, update to version 2.1.58 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Delower WP To Do versions 1.3.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Delower WP To Do versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of Stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Dextaz Ping versions 0.65 and earlier **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. This allows Command Injection in Dextaz Ping. **Recommendations** For versions 0.65 and earlier, update to a version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the command execution functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** URBAN BASE Z-Downloads versions 1.11.3 and earlier **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Z-Downloads component. **Recommendations** For versions 1.11.3 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Save as Image plugin by Pdfcrowd versions 3.2.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into a website, potentially affecting users who access the compromised page. **Recommendations** For versions 3.2.1 and earlier, update to a version later than 3.2.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Save as PDF plugin by Pdfcrowd versions 3.2.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For Save as PDF plugin by Pdfcrowd versions 3.2.1 and earlier, update to a version later than 3.2.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Sukhchain Singh Auto Poster versions 1.2 and earlier **Description** The issue affects the Auto Poster, allowing for the unrestricted upload of files with dangerous types. **Recommendations** For versions 1.2 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.