Xin Yu Lin

**Name of the Vulnerable Software and Affected Versions** BPMFlowWebkit (affected versions not specified) **Description** BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an issue that allows unauthenticated remote attackers to download arbitrary system files by exploiting Absolute Path Traversal. The vulnerability allows for arbitrary file reading. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BPMFlowWebkit (affected versions not specified) **Description** BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an arbitrary file upload issue. This allows unauthenticated remote attackers to upload and execute web shell backdoors, leading to arbitrary code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** N-Reporter (affected versions not specified) N-Cloud (affected versions not specified) N-Probe (affected versions not specified) **Description** The N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sunnet eHRD (affected versions not specified) **Description** The eHRD platform contains a reflected cross-site scripting issue. This allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sunnet eHRD (affected versions not specified) **Description** The eHRD platform developed by Sunnet is susceptible to a Reflected Cross-site Scripting issue. This allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.