Xib3Rr4Dar

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.3 through 12.2.15 **Description** An easily exploitable issue exists in the Oracle Scripting product of Oracle E-Business Suite (component: Scripting Admin). An unauthenticated attacker with network access via HTTP can compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker. While the issue is in Oracle Scripting, attacks may impact additional products. Successful attacks can result in unauthorized update, insert, or delete access to some Oracle Scripting accessible data, as well as unauthorized read access to a subset of Oracle Scripting accessible data. **Recommendations** Versions 12.2.3 through 12.2.15 are affected and require attention.

**Name of the Vulnerable Software and Affected Versions** Evisions MAPS version 6.10.2.267 **Description** A reflected cross-site scripting issue allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload into the "mw/" endpoint. **Recommendations** For Evisions MAPS version 6.10.2.267, consider restricting access to the /mw/ endpoint until a fix is available. As a temporary workaround, avoid using the vulnerable endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Super Store Finder plugin for WordPress versions up to, and including, 7.0 **Description** The issue allows unauthenticated attackers to perform SQL Injection via the `ssf wp user name` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into an already existing query, potentially leading to stored cross-site scripting in store reviews. **Recommendations** For Super Store Finder plugin for WordPress versions up to, and including, 7.0, consider disabling the `ssf wp user name` parameter until a patch is available to prevent SQL Injection attacks. Restrict access to store reviews to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DSpace versions 7.0 through 7.6.1 **Description** DSpace is an open source software used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In the affected versions, when an HTML, XML, or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript, potentially leading to an XSS attack. This issue can be exploited by a user with Submitter privileges who uploads a malicious HTML/XML/JavaScript file. The attack occurs when a visitor or logged-in user downloads the file or clicks on a download link shared by the attacker. If the repository is configured to only download HTML/XML/JavaScript Bitstreams using the `Content-Disposition: attachment` header, the attack is no longer possible. **Recommendations** For DSpace versions 7.6 or 7.6.1, add the following `webui.content disposition format` settings to the `dspace.cfg` configuration file to force all HTML, XML, RDF, and JavaScript files to always be downloaded to a user's machine: ``` webui.content disposition format = text/html webui.content disposition format = text/javascript webui.content disposition format = text/xml webui.content disposition format = rdf ``` For DSpace versions 7.0 through 7.5, either upgrade to 7.6.2 or 8.0, or upgrade to 7.6 or 7.6.1 and apply the configuration change mentioned above. Alternatively, manually add the `webui.content disposition format` setting and apply the configuration changes, or find a way to force the `Content-Disposition: attachment` header to be sent for all files downloaded via the `/server/api/core/bitstreams/[uuid]/content` API endpoint.

**Name of the Vulnerable Software and Affected Versions** Avada theme for WordPress versions up to, and including, 7.11.6 **Description** The issue allows unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. This is possible due to sensitive information exposure in the '/wp-content/uploads/fusion-forms/' directory. **Recommendations** For versions up to, and including, 7.11.6, update to a version later than 7.11.6 to resolve the issue. As a temporary workaround, consider restricting access to the '/wp-content/uploads/fusion-forms/' directory until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to, and including, 7.11.6 **Description** The issue allows authenticated attackers with contributor-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services through the `form to url action` function. **Recommendations** For Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to, and including, 7.11.6, consider disabling the `form to url action` function until a patch is available to prevent exploitation. Restrict access to internal services to minimize the risk of information query and modification.

**Name of the Vulnerable Software and Affected Versions** Avada theme for WordPress versions up to, and including, 7.11.6 **Description** The issue allows authenticated attackers with editor-level access and above to perform SQL Injection via the `entry` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. **Recommendations** For Avada theme for WordPress versions up to, and including, 7.11.6, update to a version later than 7.11.6 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 **Description** The issue allows unauthorized access to data due to a missing capability check on the `get uri editor` function. This enables unauthenticated attackers to view the permalinks of all posts. **Recommendations** For versions up to, and including, 2.4.3.1, update to a version higher than 2.4.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the `get uri editor` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Permalink Manager Lite and Pro plugins for WordPress versions up to, and including, 2.4.3.1 **Description** The issue is related to Reflected Cross-Site Scripting via the `s` parameter in multiple instances due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For Permalink Manager Lite and Pro plugins for WordPress versions up to, and including, 2.4.3.1, update to a version later than 2.4.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the `s` parameter in affected instances to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Avada theme for WordPress versions up to, and including, 7.11.6 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Avada theme for WordPress versions up to, and including, 7.11.6, update to a version later than 7.11.6 to resolve the issue. As a temporary workaround, consider restricting access to the shortcodes feature for users with contributor-level and above permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Responsive theme for WordPress versions up to, and including, 5.0.2 **Description** The issue allows unauthorized modification of data due to a missing capability check on the `save footer text callback` function. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer. **Recommendations** For versions up to, and including, 5.0.2, update to a version higher than 5.0.2 to resolve the issue. As a temporary workaround, consider disabling the `save footer text callback` function until a patch is available. Restrict access to the footer modification feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress versions up to, and including, 1.1.9 **Description** The issue is related to a missing capability check on the `admin reload nav menu()` function, which allows unauthenticated attackers to modify the location of display menus. This makes it possible for unauthorized modification of data. **Recommendations** For versions up to, and including, 1.1.9, consider disabling the `admin reload nav menu()` function until a patch is available to prevent unauthorized modification of data. Restrict access to the admin navigation menu to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 **Description** The issue arises from a missing capability check on the `ajax save permalink` function, allowing authenticated attackers with author access or above to modify the permalinks of arbitrary posts. This enables unauthorized modification of data. **Recommendations** For Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1, consider disabling the `ajax save permalink` function until a patch is available to prevent unauthorized modification of permalinks. Restrict access to the plugin's functionality to minimize the risk of exploitation, especially for users with author access and above.

**Name of the Vulnerable Software and Affected Versions** Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to and including 7.11.5 **Description** The issue allows authenticated attackers with contributor access and above to view the contents of all form submissions, including fields that are obfuscated, such as the contact form's `password` field, via the form entries page. **Recommendations** For versions up to and including 7.11.5, update to a version later than 7.11.5 to resolve the issue. As a temporary workaround, consider restricting access to the form entries page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to, and including, 7.11.4 **Description** The issue is related to arbitrary file uploads due to missing file type validation in the `ajax import options()` function. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server, which may lead to remote code execution. The flaw is estimated to affect nearly 950,000 sales. **Recommendations** For versions up to, and including, 7.11.4, update to a version above 7.11.4 to resolve the issue. As a temporary workaround, consider disabling the `ajax import options()` function until a patch is available. Restrict access to the affected site's server to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4 **Description** The issue is related to Cross-Site Request Forgery due to missing nonce validation on the `list questions()` function. This allows unauthenticated attackers to delete questions from quizzes by tricking a site administrator into performing an action, such as clicking on a link. **Recommendations** For Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4, consider disabling the `list questions()` function until a patch is available to prevent exploitation. Restrict access to quiz management features to minimize the risk of unauthorized question deletion.

**Name of the Vulnerable Software and Affected Versions** Chained Quiz plugin for WordPress versions up to, and including, 1.3.2 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages via the `datef` parameter on the "chainedquiz list" page, potentially executing if a user is tricked into performing an action like clicking on a link. **Recommendations** For versions up to, and including, 1.3.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the "chainedquiz list" page or disabling the use of the `datef` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Chained Quiz plugin for WordPress versions up to, and including, 1.3.2 **Description** The issue arises from insufficient input sanitization and output escaping, allowing Reflected Cross-Site Scripting attacks. This can be exploited via the `pointsf` parameter on the "chainedquiz list" page, enabling unauthenticated attackers to inject arbitrary web scripts. Attackers can trick users into performing actions like clicking on a link to execute these scripts. **Recommendations** For Chained Quiz plugin for WordPress versions up to, and including, 1.3.2, update to a version later than 1.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the "chainedquiz list" page and avoiding use of the `pointsf` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Chained Quiz plugin for WordPress versions up to, and including, 1.3.2 **Description** The issue arises from insufficient input sanitization and output escaping, allowing Reflected Cross-Site Scripting attacks. This can be exploited via the `dnf` parameter on the "chainedquiz list" page, enabling unauthenticated attackers to inject arbitrary web scripts. Attackers can trick users into performing actions like clicking on a link to execute these scripts. **Recommendations** For Chained Quiz plugin for WordPress versions up to, and including, 1.3.2, update to a version later than 1.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the "chainedquiz list" page and avoiding use of the `dnf` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Chained Quiz plugin for WordPress versions up to, and including, 1.3.2 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages via the `emailf` parameter on the "chainedquiz list" page, potentially executing if a user is tricked into performing an action like clicking on a link. **Recommendations** For versions up to, and including, 1.3.2, update to a version higher than 1.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the "chainedquiz list" page and avoiding use of the `emailf` parameter until a patch is available.