Yavuz Atlas

**Name of the Vulnerable Software and Affected Versions** tecrail Responsive FileManager version 9.8.1 **Description** An issue was discovered in the dialog.php file, allowing attackers to access the file manager interface. This access provides attackers with the ability to upload and delete files. **Recommendations** For version 9.8.1, consider restricting access to the dialog.php file until a patch is available. As a temporary workaround, limit the functionality of the file manager interface to prevent unauthorized file uploads and deletions.

**Name of the Vulnerable Software and Affected Versions** tecrail Responsive FileManager version 9.8.1 **Description** A reflected XSS issue allows remote attackers to inject arbitrary web script or HTML. This occurs in the dialog.php file. **Recommendations** For tecrail Responsive FileManager version 9.8.1, consider disabling the dialog.php file as a temporary workaround until a patch is available. Restrict access to this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hanwha Web Viewer version 2.17 Samsung Web Viewer (affected versions not specified) **Description** The issue affects the Web Viewer for Hanwha DVR and Smart Viewer in Samsung Web Viewer for Samsung DVR, allowing for XSS attacks. The vulnerability can be exploited via the `/cgi-bin/webviewer login page` API endpoint, specifically through the `data3` parameter. **Recommendations** For Hanwha Web Viewer version 2.17, avoid using the `data3` parameter in the `/cgi-bin/webviewer login page` API endpoint until the issue is resolved. For Samsung Web Viewer, restrict access to the `/cgi-bin/webviewer login page` API endpoint to minimize the risk of exploitation, as the affected versions are not specified. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Balbooa Gridbox extension versions prior to 2.4.0 **Description** The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this via a crafted URL to execute script in a victim's Web browser, potentially stealing the victim's cookie-based authentication credentials. **Recommendations** For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Openfire versions prior to 3.9.2 **Description** The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this via a crafted URL to execute script in a victim's Web browser, potentially stealing the victim's cookie-based authentication credentials. **Recommendations** For versions prior to 3.9.2, update to version 3.9.2 or later to resolve the issue.