Taha Yildirim

**Name of the Vulnerable Software and Affected Versions** Hotech Software Inc. Otello versions 2.4.0 through 2.4.3 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The issue impacts the Otello application. Cross-site scripting (XSS) is a type of security flaw that allows attackers to inject malicious code into websites viewed by other users. **Recommendations** Update to a version later than 2.4.3.

**Name of the Vulnerable Software and Affected Versions** Kron PAM versions prior to 3.7 **Description** Kron PAM is susceptible to a denial-of-service (DoS) attack due to unrestricted resource allocation. This allows an attacker to exhaust system resources via HTTP requests. **Recommendations** Update Kron PAM to version 3.7 or later.

**Name of the Vulnerable Software and Affected Versions** Kron PAM versions prior to 3.7 **Description** Kron PAM is susceptible to a Stored Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts. **Recommendations** Update Kron PAM to version 3.7 or later.

**Name of the Vulnerable Software and Affected Versions** Bitbucket Data Center versions 8.0.0 through 8.9.12 Bitbucket Data Center versions 8.19.0 through 8.19.1 **Description** The issue is an open redirect vulnerability that allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site. This can be utilized for further exploitation and has low impact to confidentiality, with no impact to integrity and availability, requiring user interaction. **Recommendations** For Bitbucket Data Center versions 8.0.0 through 8.9.12, upgrade to version 8.9.13 or later. For Bitbucket Data Center versions 8.19.0 through 8.19.1, upgrade to version 8.19.2 or later.