Tunahan Tekeoğlu

**Name of the Vulnerable Software and Affected Versions** Pyxis Signage versions through 31012025 **Description** Pyxis Signage is affected by an Improper Neutralization of Input During Web Page Generation, specifically a Stored Cross-Site Scripting (XSS) issue. This allows for persistent JavaScript execution in the browsers of administrators. A real-world scenario involves compromising signage to display phishing content in public locations such as corporate lobbies, retail stores, and airports. The issue impacts digital signage systems deployed in public spaces with limited monitoring. There are over 3.2 million potentially affected devices worldwide. The vulnerability can be exploited through the injection of malicious JavaScript code. **Recommendations** Versions prior to 31012025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Pyxis Signage versions through 31012025 **Description** Pyxis Signage is affected by an unrestricted file upload issue with dangerous file types. This allows access to functionality not properly constrained by Access Control Lists (ACLs). **Recommendations** Versions prior to 31012025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Veribase Order versions prior to 4.010.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS, Cross-Site Scripting, exploitation of Script-Based APIs, and XSS Through HTTP Headers. This is due to improper encoding or escaping of output and improper neutralization of script in attributes in a web page. **Recommendations** For versions prior to 4.010.3, update to version 4.010.3 or later to resolve the issue. As a temporary workaround, consider restricting access to script-based APIs and HTTP headers to minimize the risk of exploitation. Additionally, ensure proper input validation and output encoding to prevent cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Veribase Order Management versions prior to v4.010.2 **Description** The issue is related to an OS Command Injection vulnerability, which allows unauthorized access due to improper neutralization of special elements used in an OS command. This vulnerability affects Veribase Order Management software, enabling OS Command Injection exploits. **Recommendations** For versions prior to v4.010.2, update to version v4.010.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the software to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TeoBASE versions through 20240327 **Description** The issue is related to an Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE, allowing authentication bypass. The vendor was contacted about this disclosure but did not respond. **Recommendations** For versions through 20240327, as a temporary workaround, consider restricting access to sensitive areas of TeoBASE until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeoBASE versions through 27032024 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vendor was contacted about this disclosure but did not respond. **Recommendations** For versions through 27032024, as a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.