Simone Aiello

Researcher from CapgeminiCisRedTeam
#16525 of 53,633
16.3 Total CVSS
Vulnerabilities · 2
High: 2
PT-2025-32293
8.8
2025-08-07
Unknown · Agenzia Impresa Eccobook · CVE-2025-51629
**Name of the Vulnerable Software and Affected Versions**
Agenzia Impresa Eccobook version 2.81.1

**Description**
A cross-site scripting (XSS) vulnerability exists in the PdfViewer component. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Temp` parameter.

**Recommendations**
As a temporary workaround, consider disabling the PdfViewer component until a patch is available.

PT-2025-31948
7.5
2025-08-05
Unknown · Agenzia Impresa Eccobook · CVE-2025-51628
**Name of the Vulnerable Software and Affected Versions**
Agenzia Impresa Eccobook versions prior to 2.81.2

**Description**
An Insecure Direct Object Reference (IDOR) vulnerability exists in the PdfHandler component. This allows unauthenticated attackers to read confidential documents. The vulnerability is triggered through the `DocumentoId` parameter.

**Recommendations**
Update Agenzia Impresa Eccobook to version 2.81.2 or later.