Shnien

**Name of the Vulnerable Software and Affected Versions** School App developed by Zyosoft (affected versions not specified) **Description** An Insecure Direct Object Reference (IDOR) issue exists, where authenticated remote attackers can modify a specific parameter to read and modify data belonging to other users. IDOR is a type of access control flaw that occurs when an application uses user-supplied input to access objects directly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ai3 QbiBot (affected versions not specified) **Description** The issue allows unauthenticated remote attackers to insert JavaScript code into the chat box due to improper filtering of user input. When the recipient views the message, they are subject to a Stored XSS attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Super 8 Live Chat (affected versions not specified) **Description** The issue allows unauthenticated remote attackers to insert JavaScript code into the chat box due to a failure to properly filter user input. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.