The_Druk

**Name of the Vulnerable Software and Affected Versions** Telestream Sentry version 6.0.9 **Description** A vulnerability has been found in the Reports Page component of the affected software, specifically in the file "/?page=reports". The manipulation of the `z` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Telestream Sentry version 6.0.9, consider disabling access to the "/?page=reports" endpoint until a patch is available. As a temporary workaround, restrict the manipulation of the `z` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TMsoft MyAuth Gateway version 3 **Description** A problematic vulnerability has been found in TMsoft MyAuth Gateway. The issue affects an unknown function of the file /index.php. The manipulation of the argument `console/nocache/cmd` leads to cross-site scripting. It is possible to launch the attack remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For TMsoft MyAuth Gateway version 3, as a temporary workaround, consider restricting access to the `/index.php` file and the `console/nocache/cmd` argument until a patch is available. Avoid using the `console/nocache/cmd` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: This issue affects some unknown processing of the file "/vood/cgi-bin/vood view.cgi?lang=EN&act=user/spec conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated". The manipulation of the argument `Phone Number` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: As a temporary workaround, consider disabling the `/vood/cgi-bin/vood view.cgi` endpoint until a patch is available. Restrict access to the `Phone Number` argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Genexis Tilgin Fiber Home Gateway HG1522 version CSx000-01 09 01 12 **Description** A vulnerability was found in the Genexis Tilgin Fiber Home Gateway, affecting an unknown functionality of the file /status/product info/. The manipulation of the `product info` argument leads to cross-site scripting. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For version CSx000-01 09 01 12, as a temporary workaround, consider restricting access to the /status/product info/ file until a patch is available. Avoid using the `product info` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: EZ-Suite EZ-Partner version 5 Description: A vulnerability has been found in the Forgot Password Handler component, leading to basic cross site scripting. The manipulation can be launched remotely. The vendor was contacted about this disclosure but did not respond. Recommendations: For EZ-Suite EZ-Partner version 5, consider disabling the Forgot Password Handler component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: A problematic issue has been found, affecting an unknown function of the file /vood/cgi-bin/vood view.cgi?act=index&lang=EN# of the component Login. The manipulation of the `errmsg` argument leads to basic cross site scripting. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For version 322 AS0500-03 05 13 05, as a temporary workaround, consider restricting access to the `/vood/cgi-bin/vood view.cgi` endpoint until a patch is available. Avoid using the `errmsg` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.