
Xh4Vm

#18944 of 53,632
14.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-52667
6.4
2025-10-26
Unknown · Clincapture Edc · CVE-2025-65270
**Name of the Vulnerable Software and Affected Versions**
ClinCapture EDC versions 2.2.3 and 3.0

**Description**
A reflected cross-site scripting (XSS) issue exists that allows a remote attacker to execute JavaScript code within a user's browser. The attacker does not need to be authenticated to exploit this issue.

**Recommendations**
Update ClinCapture EDC to a version that addresses this issue.

PT-2025-21185
7.8
2025-02-26
Mozilla · Thunderbird · CVE-2025-3875
Name of the Vulnerable Software and Affected Versions:
Thunderbird versions prior to 128.10.1
Thunderbird versions prior to 138.0.1

Description:
The issue allows sender spoofing if the server permits an invalid From address. For example, if the From header contains an invalid value, Thunderbird treats the specified address as the actual one. This can lead to spoofing attacks, potentially resulting in the sender's address being falsified.

Recommendations:
For Thunderbird versions prior to 128.10.1, update to version 128.10.1 or later.
For Thunderbird versions prior to 138.0.1, update to version 138.0.1 or later.
As a temporary workaround, consider restricting the use of invalid From addresses until a patch is available.