Tf1T

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get stock balance for()` function located at `erpnext/stock/doctype/stock reconciliation/stock reconciliation.py` is susceptible to SQL Injection. An attacker can inject a SQL query through the `inventory dimensions dict` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix to the `get stock balance for()` function at `erpnext/stock/doctype/stock reconciliation/stock reconciliation.py` to prevent SQL Injection through the `inventory dimensions dict` parameter.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The function `get blanket orders()` at `erpnext/controllers/queries.py` is susceptible to SQL Injection. An attacker can potentially extract information from databases by injecting a SQL query into the `blanket order type` parameter. **Recommendations** Apply a fix for the SQL Injection issue in the `get blanket orders()` function at `erpnext/controllers/queries.py` in version 15.57.5.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get material requests based on supplier()` function located at `erpnext/stock/doctype/material request/material request.py` is susceptible to SQL Injection. An attacker can inject a SQL query into the `txt` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix to the `get material requests based on supplier()` function at `erpnext/stock/doctype/material request/material request.py` to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get rfq containing supplier()` function located at `erpnext/buying/doctype/request for quotation/request for quotation.py` is susceptible to SQL Injection. An attacker can inject a SQL query through the `txt` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix that properly sanitizes the `txt` parameter used in the `get rfq containing supplier()` function.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `import coa()` function located at `erpnext/accounts/doctype/chart of accounts importer/chart of accounts importer.py` is susceptible to SQL injection. An attacker can inject a SQL query through the `company` parameter, potentially allowing extraction of all data from databases. The vulnerable function is `import coa()`. **Recommendations** Apply a fix for Frappe ERPNext version 15.57.5 to address the SQL injection issue in the `import coa()` function.

**Name of the Vulnerable Software and Affected Versions** Frappe ErpNext version 15.57.5 **Description** The `get timesheet detail rate()` function located at `erpnext/projects/doctype/timesheet/timesheet.py` is susceptible to SQL Injection. This allows an attacker to extract information from databases by injecting SQL queries through the `timelog` parameter. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `get timesheet detail rate()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get loyalty program details with points()` function located at `erpnext/accounts/doctype/loyalty program/loyalty program.py` is susceptible to SQL Injection. An attacker can inject a SQL query into the `expiry date` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix to the `get loyalty program details with points()` function at `erpnext/accounts/doctype/loyalty program/loyalty program.py` to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** Frappe ERPNext version 15.57.5 contains a SQL injection issue in the `get stock balance()` function located at `erpnext/stock/utils.py`. An attacker can inject a SQL query into the `inventory dimensions dict` parameter, potentially allowing them to extract information from databases. **Recommendations** Update to version 15.57.6 or later.

**Name of the Vulnerable Software and Affected Versions** CraftCMS version 3.8.1 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted script to the `Section` parameter. This enables the attacker to potentially gain control over the system, allowing for unauthorized actions. **Recommendations** For CraftCMS version 3.8.1, consider disabling access to the `Section` parameter until a patch is available. As a temporary workaround, restrict the ability to execute scripts via this parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Popup Maker WordPress plugin versions prior to 1.16.9 **Description** The issue is related to the lack of validation and escaping of one of the shortcode attributes in the Popup Maker WordPress plugin. This could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. **Recommendations** For versions prior to 1.16.9, update to version 1.16.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Silverstripe silverstripe/framework versions through 4.11 **Description** The issue allows remote attackers to execute a Javascript payload in the versioned history compare view by adding it to a page's meta description. This can be done by a malicious content author who has access to the CMS. The attacker must then convince a privileged user to access the version history for that page. **Recommendations** For versions through 4.11, consider restricting access to the versioned history compare view until a patch is available. As a temporary workaround, limit the ability for content authors to add Javascript payloads to page meta descriptions. Ensure that only trusted users have access to the CMS to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Silverstripe silverstripe/cms versions 4.11.0 and earlier **Description** The issue allows for XSS (Cross-Site Scripting) attacks. A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut, and it requires CMS access to exploit. **Recommendations** For versions 4.11.0 and earlier, as a temporary workaround, consider restricting access to custom meta tags until a patch is available. Restrict CMS access to minimize the risk of exploitation. Avoid using custom keyboard shortcuts in the affected CMS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Silverstripe silverstripe/framework versions through 4.11 **Description** The issue allows SQL Injection, which can be exploited by an attacker with CMS access to execute arbitrary SQL statements. This is achieved by adding an SQL payload in certain parts of the GridField state. The vast majority of Gridfields in Silverstripe CMS are affected. **Recommendations** For versions through 4.11, consider restricting access to the GridField state to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Silverstripe silverstripe/framework versions through 4.11 **Description** The issue allows for XSS via a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. A malicious content author could exploit this by adding a JavaScript payload to the href attribute of a link. An attacker must have access to the CMS to exploit this issue. **Recommendations** For versions through 4.11, as a temporary workaround, consider restricting access to the href attribute of links to minimize the risk of exploitation. Avoid using the `href` attribute in links with JavaScript URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration Suite version 8.8.15 **Description** The issue allows for the execution of arbitrary JavaScript on the victim's machine due to a Reflected XSS vulnerability. This is caused by the `/h/search?action=voicemail&action=listen` endpoint accepting a `phone` parameter that is not properly sanitized. **Recommendations** For Zimbra Collaboration Suite version 8.8.15, as a temporary workaround, consider restricting access to the `/h/search?action=voicemail&action=listen` endpoint until a patch is available. Avoid using the `phone` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration Suite version 8.8.15 **Description** The issue concerns a Reflected XSS vulnerability. It is related to the URL at "/h/compose" which accepts an `attachUrl` parameter. This allows for the execution of arbitrary JavaScript on the victim's machine. **Recommendations** For Zimbra Collaboration Suite version 8.8.15, consider restricting access to the "/h/compose" endpoint until a patch is available. As a temporary workaround, avoid using the `attachUrl` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration Suite version 8.8.15 **Description** The issue allows an attacker to trigger XSS by adding JavaScript code to the `view` parameter and changing the value of the `uncheck` parameter to a string at the URL "/h/calendar". **Recommendations** For Zimbra Collaboration Suite version 8.8.15, as a temporary workaround, consider restricting access to the "/h/calendar" URL until a patch is available. Avoid using the `view` and `uncheck` parameters in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SmartVista SVFE2 version 2.2.22 **Description** The issue is a SQL injection vulnerability. It can be exploited via the `UserForm:j id90` parameter at the "/feegroups/tgrt group.jsf" API endpoint. **Recommendations** For SmartVista SVFE2 version 2.2.22, consider restricting access to the `/feegroups/tgrt group.jsf` API endpoint to minimize the risk of exploitation. Avoid using the `UserForm:j id90` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmartVista Cardgen version 3.28.0 **Description** The issue affects the IGB Files and OutfileService features, allowing attackers to list and download arbitrary files by modifying the `PATH` parameter. **Recommendations** For SmartVista Cardgen version 3.28.0, consider restricting access to the IGB Files and OutfileService features until a patch is available. As a temporary workaround, avoid using the `PATH` parameter in the affected features to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SmartVista Cardgen version 3.28.0 **Description** A Path Traversal issue allows authenticated attackers to read arbitrary files in the system. **Recommendations** For SmartVista Cardgen version 3.28.0, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.