L2Odon

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke INP (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query parameter in modules.php. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpbb-Auction (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: the `ar` parameter in "auction room.php" and the `u` parameter in "auction store.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.