Okta
Monthly
Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.
MyBookTable Bookstore WordPress plugin versions 3.6.0 and earlier allow authenticated high-privilege users to inject malicious scripts that are stored and executed in the browsers of other users, enabling stored cross-site scripting (XSS) attacks. The vulnerability requires admin-level authentication and user interaction from victims to trigger, limiting real-world exploitation scope despite network accessibility. EPSS probability is exceptionally low at 0.03%, reflecting the authentication and interaction barriers.
Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.
MyBookTable Bookstore WordPress plugin versions 3.6.0 and earlier allow authenticated high-privilege users to inject malicious scripts that are stored and executed in the browsers of other users, enabling stored cross-site scripting (XSS) attacks. The vulnerability requires admin-level authentication and user interaction from victims to trigger, limiting real-world exploitation scope despite network accessibility. EPSS probability is exceptionally low at 0.03%, reflecting the authentication and interaction barriers.