Taiga Shirakura

**Name of the Vulnerable Software and Affected Versions** SHIRASAGI versions prior to 1.18.0 **Description** A reflected cross-site scripting issue allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. This enables the attacker to perform actions on the user's behalf. **Recommendations** For versions prior to 1.18.0, update to version 1.18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SHIRASAGI versions prior to 1.18.0 **Description** A stored cross-site scripting issue allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. This can lead to unauthorized actions being taken on behalf of the user. **Recommendations** For versions prior to 1.18.0, update to version 1.18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 94 **Description** The issue is related to incorrect restriction of visualized layers in the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. **Recommendations** For versions prior to 94, update to version 94 or later to resolve the issue. As a temporary workaround, consider restricting access to internationalized domain names until the update is applied. Avoid using URLs with internationalized domain names in the affected browser versions until the issue is resolved.