Vinit Lakra

**Name of the Vulnerable Software and Affected Versions** Dialogity Free Live Chat versions through 1.0.3 **Description** A flaw exists in Dialogity Free Live Chat that allows for Stored Cross-site Scripting (XSS). This issue occurs due to improper neutralization of input during web page generation. The vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users. The affected product is susceptible to exploitation through the injection of malicious code. **Recommendations** Update Dialogity Free Live Chat to a version later than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** AnyClip Luminous Studio versions through 1.3.3 **Description** The AnyClip Luminous Studio software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The issue affects the application's ability to properly sanitize user-supplied data before rendering it in web pages. **Recommendations** Update AnyClip Luminous Studio to a version later than 1.3.3.

**Name of the Vulnerable Software and Affected Versions** Gravitate Automated Tester versions through 1.4.5 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The issue allows for the execution of arbitrary code within the context of a user's browser. **Recommendations** Update Gravitate Automated Tester to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** chtombleson Mobi2Go versions through 1.0.0 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The vulnerability affects the application’s ability to properly sanitize user-supplied data before including it in dynamically generated web content. The affected application does not properly neutralize input, leading to the possibility of executing arbitrary JavaScript code in the context of a user's browser. **Recommendations** Update to a version beyond 1.0.0.

**Name of the Vulnerable Software and Affected Versions** Will.I.am Simple Restaurant Menu versions through 1.2 **Description** The Simple Restaurant Menu software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into the application and executed by other users. The vulnerability allows an attacker to inject malicious code through web pages. **Recommendations** Update Will.I.am Simple Restaurant Menu to a version later than 1.2.

**Name of the Vulnerable Software and Affected Versions** Proof Factor – Social Proof Notifications versions through 1.0.5 **Description** The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting (XSS). This allows for the injection of malicious scripts into web pages viewed by other users. The issue is a Stored XSS, meaning the malicious script is permanently stored on the target server. **Recommendations** Update Proof Factor – Social Proof Notifications to a version later than 1.0.5.

**Name of the Vulnerable Software and Affected Versions** eZee Technosys eZee Online Hotel Booking Engine versions through 1.0.0 **Description** The eZee Online Hotel Booking Engine contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) issue. This specific instance allows for Stored XSS attacks. The vulnerability exists because the application does not properly sanitize user-supplied data, which can then be injected into web pages viewed by other users. The affected API endpoints and vulnerable parameters are not specified. **Recommendations** Update eZee Online Hotel Booking Engine to a version later than 1.0.0.

**Name of the Vulnerable Software and Affected Versions** Modern Minds Magento 2 WordPress Integration versions through 1.4.1 **Description** The Modern Minds Magento 2 WordPress Integration software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts. The issue impacts the application's ability to sanitize user-supplied data, potentially leading to the execution of arbitrary code within the context of a user's browser. The vulnerability allows for Stored XSS. **Recommendations** Update Modern Minds Magento 2 WordPress Integration to a version later than 1.4.1.

**Name of the Vulnerable Software and Affected Versions** davaxi Goracash versions through 1.1 **Description** The software contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-site Scripting (XSS). This allows an attacker to inject malicious scripts into web pages viewed by other users. The affected software is davaxi Goracash. **Recommendations** Update davaxi Goracash to a version later than 1.1.

**Name of the Vulnerable Software and Affected Versions** SAPO SAPO Feed versions through 2.4.2 **Description** The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to Stored Cross-site Scripting (XSS). This allows an attacker to inject malicious scripts into web pages viewed by other users. The issue affects SAPO Feed. **Recommendations** Update SAPO SAPO Feed to a version later than 2.4.2.

**Name of the Vulnerable Software and Affected Versions** Tan Nguyen Instant Locations versions through 1.0 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ivan Drago vipdrv versions through 1.0.3 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Ivan Drago vipdrv to a version later than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** Thomas Harris Search Cloud One versions through 2.2.5 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Thomas Harris Search Cloud One to a version later than 2.2.5.

**Name of the Vulnerable Software and Affected Versions** Mesa Mesa Reservation Widget versions through 1.0.0 **Description** The Mesa Mesa Reservation Widget contains a Stored Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Update Mesa Mesa Reservation Widget to a version later than 1.0.0.

**Name of the Vulnerable Software and Affected Versions** vikingjs Goal Tracker for Patreon versions through 0.4.6 **Description** The application suffers from a Stored Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web pages viewed by other users. **Recommendations** Update vikingjs Goal Tracker for Patreon to a version later than 0.4.6.

**Name of the Vulnerable Software and Affected Versions** Md Abunaser Khan Advance Food Menu versions through 1.0 **Description** The software contains a Stored Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows malicious actors to inject scripts into web pages viewed by other users. **Recommendations** Update Md Abunaser Khan Advance Food Menu to a version later than 1.0.

Name of the Vulnerable Software and Affected Versions: jgwhite33 WP Thumbtack Review Slider versions through 2.6 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). Recommendations: Update jgwhite33 WP Thumbtack Review Slider to a version later than 2.6.

Name of the Vulnerable Software and Affected Versions: badasswp Pending Order Bot versions through 1.0.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Stored Cross-site Scripting condition. This allows for the injection of malicious scripts into web pages generated by the application. Recommendations: Update badasswp Pending Order Bot to a version later than 1.0.2.

Name of the Vulnerable Software and Affected Versions: Xolluteon Dropshix versions through 4.0.14 Description: Improper neutralization of input during web page generation allows for DOM-Based Cross-site Scripting (XSS). Recommendations: Update Xolluteon Dropshix to a version later than 4.0.14.