Tranvannam186

**Name of the Vulnerable Software and Affected Versions** LimeSurvey version 4.2.5 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the Notifications & data feature, specifically on a textbox. **Recommendations** For LimeSurvey version 4.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Navigate CMS version 2.9 **Description** The issue allows for XSS attacks through the Alias or Real URL field in the "Web Sites > Create > Aliases > Add" screen. **Recommendations** For Navigate CMS version 2.9, avoid using the Alias or Real URL field in the "Web Sites > Create > Aliases > Add" screen until a fix is available. As a temporary workaround, consider validating and sanitizing all user input for the Alias and Real URL fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** osTicket version 1.14.2 **Description** The issue allows for XSS attacks via a Knowledgebase Category Name or Category Description in the `scp/categories.php` file. The attacker must have Agent privileges to exploit this issue. **Recommendations** For osTicket version 1.14.2, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.