Wrongsid3

**Name of the Vulnerable Software and Affected Versions** Sysax Multi Server version 6.90 **Description** An issue allows an attacker to determine the username under which the web server is running by triggering an invalid path permission error, bypassing the fakepath protection mechanism. **Recommendations** For Sysax Multi Server version 6.90, consider restricting access to sensitive paths to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sysax Multi Server version 6.90 **Description** An issue was discovered in Sysax Multi Server, where there is reflected XSS via the "/scgi" endpoint, specifically through the `sid` parameter. **Recommendations** For Sysax Multi Server version 6.90, as a temporary workaround, consider restricting access to the "/scgi" endpoint until a patch is available. Avoid using the `sid` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sysax Multi Server version 6.90 **Description** An issue allows a session to be hijacked by observing the `sid` value in any "/scgi" API endpoint, as it serves as an authentication token. **Recommendations** For Sysax Multi Server version 6.90, consider restricting access to the "/scgi" API endpoint to minimize the risk of session hijacking until a patch is available. Avoid using the `sid` value as an authentication token in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.