>> TAG: #0day

ENTAB ERP 1.0 – Username PII leak

Lucee Scheduled Job v1.0 – Command Execution

X2CRM v6.6/6.9 – Reflected Cross-Site Scripting (XSS) (Authenticated)

X2CRM v6.6/6.9 – Stored Cross-Site Scripting (XSS) (Authenticated)

Microsoft Windows 11 – ‘cmd.exe’ Denial of Service

ZCBS/ZBBS/ZPBS v4.14k – Reflected Cross-Site Scripting (XSS)

WebsiteBaker v2.13.3 – Cross-Site Scripting (XSS)

Pentaho BA Server EE 9.3.0.0-428 – Remote Code Execution (RCE) (Unauthenticated)

ESET Service 16.0.26.0 – ‘Service ekrn’ Unquoted Service Path

Online Appointment System V1.0 – Cross-Site Scripting (XSS)