Zeeshan Khan

**Name of the Vulnerable Software and Affected Versions** yungifez Skuul School Management System versions through 2.6.5 **Description** A weakness exists in yungifez Skuul School Management System. This issue affects unknown code within the SVG File Handler component, specifically in the file `/dashboard/schools/1/edit`. This manipulation can lead to cross site scripting. The attack can be carried out remotely. The exploit has been made publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 2.6.5 are recommended.

**Name of the Vulnerable Software and Affected Versions** yungifez Skuul School Management System versions up to 2.6.5 **Description** A security issue exists in yungifez Skuul School Management System. The problem relates to the processing of the file `/user/profile` within the Image Handler component, potentially leading to information disclosure. The attack can be initiated remotely, and the exploit has been publicly disclosed. The vendor was informed of the disclosure but did not respond. **Recommendations** Versions prior to 2.6.5 should be used.

**Name of the Vulnerable Software and Affected Versions** yungifez Skuul School Management System versions up to 2.6.5 **Description** A security flaw exists in yungifez Skuul School Management System. Manipulation of the `invoice id` argument within an unknown function of the `/dashboard/fees/fee-invoices/` file, part of the View Fee Invoice component, leads to improper control of resource identifiers. Remote exploitation is possible, and the exploit has been publicly released. The complexity of the attack is considered high, and exploitability is difficult. The vendor was contacted but did not respond. **Recommendations** Versions prior to 2.6.5 should be used.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Community Edition versions up to 9.2.1 **Description** A security issue exists in LogicalDOC Community Edition related to the API Key creation UI. This issue allows for cross site scripting. Remote exploitation is possible, and the exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 9.2.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Community Edition versions up to 9.2.1 **Description** A flaw exists in LogicalDOC Community Edition that relates to improper restriction of excessive authentication attempts. This issue affects the Admin Login Page component, specifically within the `/login.jsp` file. The attack can be carried out remotely and is considered to have high complexity, with difficult exploitability. The exploit is publicly available. **Recommendations** Versions prior to 9.2.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** LogicalDOC Community Edition versions up to 9.2.1 **Description** A security issue exists in LogicalDOC Community Edition. The problem is related to processing within the `/frontend.jsp` file of the Add Contact Page component. Manipulation of the `First Name`, `Last Name`, `Company`, `Address`, `Phone`, or `Mobile` arguments can lead to cross site scripting. Remote exploitation is possible, and an exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** Versions prior to 9.2.1 should be updated.