
Zbigniew Piotrak

#21232 of 53,635
11.7 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-43032
5.3
2026-05-25
Outsystems · Outsystems Lifetime · CVE-2026-40127
**Name of the Vulnerable Software and Affected Versions**
OutSystems Lifetime versions prior to 11.28.2.3955

**Description**
An authorization bypass exists due to a user-controlled key in the `ApplicationID` parameter. This allows any authenticated user to read the Change Log, which contains the application names and actions performed by other users.

**Recommendations**
Update to version 11.28.2.3955. Restrict use of the `ApplicationID` parameter to authorized personnel only until the update is applied.

PT-2025-41373
6.4
2025-10-09
WordPress · Betheme · CVE-2025-9371
**Name of the Vulnerable Software and Affected Versions**
Betheme theme for WordPress versions prior to 28.1.7

**Description**
The theme is susceptible to Stored Cross-Site Scripting through the `page title` parameter. Insufficient input sanitization and output escaping in theme breadcrumbs allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

**Recommendations**
Update to version 28.1.7 or later.