Jakub Galczyk

**Name of the Vulnerable Software and Affected Versions** MantisBT version 1.2.12 **Description** A cross-site scripting issue exists due to a vulnerability in the filter draw selection area2 function. This allows remote attackers to inject arbitrary web script or HTML via the `match type` parameter to the "bugs/search.php" endpoint. **Recommendations** For MantisBT version 1.2.12, update to version 1.2.13 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 2.5.5 **Description** The issue allows remote attackers to obtain sensitive information. This is related to inadequate filtering and a SQL error. **Recommendations** For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue.