Vincent Audet Menard

**Name of the Vulnerable Software and Affected Versions** AlternC versions 0.9.5 and earlier **Description** A cross-site scripting (XSS) issue exists in the file manager, allowing remote attackers to inject arbitrary web script or HTML via a folder name. This occurs in the admin/bro main.php file. **Recommendations** For AlternC versions 0.9.5 and earlier, update to a version later than 0.9.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AlternC versions 0.9.5 and earlier **Description** The issue allows remote attackers to obtain sensitive information via certain folder names, such as ones composed of JavaScript code, which reveal the path in a warning message when warnings are enabled in PHP. **Recommendations** For AlternC versions 0.9.5 and earlier, consider disabling warnings in PHP as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlternC versions 0.9.5 and earlier **Description** The issue concerns the transmission of the SQL password in cleartext within a cookie by the phpmyadmin subsystem. This could potentially allow remote attackers to obtain the password through sniffing or by exploiting a cross-site scripting (XSS) attack. **Recommendations** For AlternC versions 0.9.5 and earlier, consider disabling the phpmyadmin subsystem until a secure version is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the affected subsystem in insecure networks to reduce the risk of password sniffing.