Wen Bin Kong

**Name of the Vulnerable Software and Affected Versions** CheckSec Canopy versions prior to 3.0.7 **Description** The issue allows for stored XSS attacks via the Login Page Disclaimer, enabling low-privileged users to target higher-privileged users. **Recommendations** For versions prior to 3.0.7, update to version 3.0.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pivotal Spring Batch Admin, all versions **Description** The issue concerns a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access could store an arbitrary web script that would be executed by other users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pivotal Spring Batch Admin, all versions **Description** The issue concerns the lack of cross-site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This has not been patched because Spring Batch Admin has reached end of life. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.