Yamaguchi Kakeru

**Name of the Vulnerable Software and Affected Versions** ELECOM wireless LAN routers (affected versions not specified) **Description** The issue is related to a cross-site scripting vulnerability. It is assumed that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WRH-300WH-H versions 2.12 and earlier WTC-300HWH versions 1.09 and earlier **Description** A cross-site scripting issue allows a remote unauthenticated attacker to inject an arbitrary script. **Recommendations** For WRH-300WH-H versions 2.12 and earlier, update to a version later than 2.12 to resolve the issue. For WTC-300HWH versions 1.09 and earlier, update to a version later than 1.09 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 4.4.5 Description: The issue is related to improper neutralization of JavaScript input in the blog article editing function, allowing remote authenticated attackers to inject an arbitrary script via unspecified vectors. Recommendations: For versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the blog article editing function to minimize the risk of exploitation.