Vadlareddysai

**Name of the Vulnerable Software and Affected Versions** diskover-community versions prior to 2.3.6 **Description** A Cross Site Request Forgery (CSRF) issue allows a remote attacker to escalate privileges and obtain sensitive information. This is possible through the 'public/settings process.php' endpoint. **Recommendations** Update to a version later than 2.3.5. As a temporary workaround, restrict access to the 'public/settings process.php' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** diskover-community versions 2.3.5 and earlier **Description** A reflected cross-site scripting (XSS) issue exists in the 'public/view.php' endpoint via the `doctype` parameter. Reflected XSS occurs when an application includes untrusted data in a web page without proper validation or encoding, allowing an attacker to execute malicious scripts in the victim's browser. **Recommendations** Update to a version later than 2.3.5. As a temporary workaround, restrict or sanitize the input passed to the `doctype` parameter in the 'public/view.php' endpoint.

**Name of the Vulnerable Software and Affected Versions** diskover-community versions 2.3.5 and earlier **Description** A reflected cross-site scripting (XSS) issue exists in the 'public/selectindices.php' endpoint through the `namecontains` parameter. Reflected XSS occurs when an application includes untrusted data in a web page without proper validation or escaping, allowing an attacker to execute malicious scripts in the victim's browser. **Recommendations** Update to a version later than 2.3.5. As a temporary workaround, restrict access to the 'public/selectindices.php' endpoint or avoid using the `namecontains` parameter.