Sourcefabric · Sourcefabric Newscoop · CVE-2020-11807
**Name of the Vulnerable Software and Affected Versions**
Sourcefabric Newscoop version 4.4.7
**Description**
The issue allows an authenticated user to execute arbitrary PHP code, and sometimes terminal commands, on the server. This is achieved by updating the avatar and then visiting the avatar file under the `/images/` path. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
**Recommendations**
For Sourcefabric Newscoop version 4.4.7, consider restricting access to the `/images/` path to prevent exploitation until a patch is available. As a temporary workaround, avoid using the avatar update feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
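While access to `/images/` is restricted, the directory can also be audited for avatar files that are not images. The script below is an added example, not code from this advisory or from Sourcefabric. Its extension list, magic-byte checks, function names and sample files are assumptions constructed for illustration, and the on-disk location of `/images/` must be supplied for your own installation.

```python
import os
import tempfile

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
PHP_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".pht"}
# Leading bytes of JPEG, PNG and GIF files, the types an avatar should be.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
PHP_TAGS = (b"<?php", b"<?=")  # "<?=" can occasionally match binary data by chance

def audit_file(path):
    """Return the reasons a file is suspicious (empty list if none)."""
    reasons = []
    name = os.path.basename(path).lower()
    # Check every dot-separated part, not only the final extension.
    if any("." + part in PHP_EXTS for part in name.split(".")[1:]):
        reasons.append("php-extension")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not-an-image")
    if any(tag in data for tag in PHP_TAGS):
        reasons.append("php-tag")
    return reasons

def audit_tree(root):
    """Walk root and return {relative_path: reasons} for suspicious files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Audit a constructed sample tree (not real data)."""
    samples = {
        "avatar1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "avatar2.php": b"<?php /* constructed sample */ ?>",
        "avatar3.jpg": b"<?php /* constructed sample */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

To audit a real installation, call `audit_tree()` with the filesystem directory that the web server serves as `/images/`, and review every reported file before removing it.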