Sergey Markov

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.2 **Description** The issue concerns the default Flash cross-domain policy, specifically the crossdomain.xml file, which does not properly restrict cross-domain access. This allows remote attackers to conduct cross-domain attacks. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Open Flash Chart 2 Revive Adserver versions prior to 3.2.2 CA Release Automation versions prior to 5.0.2-227 CA Release Automation versions prior to 5.5.1-1616 CA Release Automation versions prior to 5.5.2-434 CA Release Automation versions prior to 6.1.0-1026 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `id` or `data-file` parameter, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For Open Flash Chart 2, update to a version that is not affected by this issue. For Revive Adserver versions prior to 3.2.2, update to version 3.2.2 or later. For CA Release Automation versions prior to 5.0.2-227, update to version 5.0.2-227 or later. For CA Release Automation versions prior to 5.5.1-1616, update to version 5.5.1-1616 or later. For CA Release Automation versions prior to 5.5.2-434, update to version 5.5.2-434 or later. For CA Release Automation versions prior to 6.1.0-1026, update to version 6.1.0-1026 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue allows remote attackers to read content from a different domain or zone via crafted characters in Cascading Style Sheets (CSS) token sequences. An information disclosure vulnerability exists in the way that Internet Explorer processes CSS special characters. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow information disclosure if a user viewed the webpage, potentially viewing content from another domain or Internet Explorer zone. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gallery 3 versions prior to 3.0.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For Gallery 3 versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Gallery 3 versions prior to 3.0.4 **Description** The issue allows attackers to execute arbitrary PHP code via unknown vectors. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue.