Kenneth F. Belva

#26963 of 53,633
9.3 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2014-7303
4.3
2014-09-30
Unknown · Restaurant Script · CVE-2014-6619
**Name of the Vulnerable Software and Affected Versions**
Restaurant Script (PizzaInn Project) version 1.0.0

**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the `fname`, `lname`, or `login` parameters in the register-exec.php file, potentially leading to cross-site scripting (XSS) attacks.

**Recommendations**
For Restaurant Script (PizzaInn Project) version 1.0.0, consider validating and sanitizing user input for the `fname`, `lname`, and `login` parameters to prevent XSS attacks. As a temporary workaround, restrict access to the register-exec.php file until a patch is available.

PT-2005-3668
5.0
2005-09-02
Simple Php · Simple Php Blog · CVE-2005-2787
**Name of the Vulnerable Software and Affected Versions**
Simple PHP Blog (affected versions not specified)

**Description**
The issue allows remote attackers to delete arbitrary files via the `comment` parameter in the "comment delete cgi.php" file.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.